| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=5.1.14393.1944
RunspaceId=5f367ae9-567a-4579-800b-549379a47ff4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3543 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3542 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3541 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3540 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3539 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3538 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93268a75-4e24-4720-bae3-d39bc6613fc6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3537 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3fc8a170-aedc-467e-86ca-0cb635b49687
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3536 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3fc8a170-aedc-467e-86ca-0cb635b49687
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3535 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3534 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3533 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3532 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3531 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3530 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3529 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3528 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e02dc800-d044-4151-b365-bee1600d2acf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3527 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=895d9048-4d03-430a-9873-eff9c9b27b16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3526 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3525 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3524 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3523 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3522 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3521 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab709ec6-ac13-41e7-a452-4d64df41ae66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3520 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e69125aa-dc95-4ed7-a031-8cd77c9d6419
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3519 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=0788f0fc-96fc-4acd-ba1b-2a8eaf8f3af3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3518 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=0788f0fc-96fc-4acd-ba1b-2a8eaf8f3af3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3517 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3516 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3515 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3514 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3513 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3512 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f1dc3cb-3cef-4374-969f-2b8a8ed6404f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3511 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e69125aa-dc95-4ed7-a031-8cd77c9d6419
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3510 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3509 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3508 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3507 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3506 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3505 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c41a0dcd-32aa-4b64-8d33-0abc817c348e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAQQBBAE8AQQBBAHQAQQBEAEUAQQBPAFEAQQAyAEEARABRAEEATgB3AEEAeQBBAEQAYwBBAE0AZwBBAHcAQQBEAFUAQQBOAFEAQQAwAEEARABrAEEATwBBAEEANABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3504 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e2f6dd97-908a-4cc4-b92e-3c514d1a18b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3503 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74c1120d-53f8-481e-b046-8d10f2534996
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3502 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3501 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3500 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3499 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3498 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3497 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3496 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3495 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c0bb17e-efa4-46a3-9bae-279e10abe96b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3494 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e2f6dd97-908a-4cc4-b92e-3c514d1a18b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3493 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3492 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3491 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3490 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3489 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3488 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4118874-6462-42ce-819a-aa1eb857d6ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3487 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bc878891-4146-4c40-a103-982dfbfc46c7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3486 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bc878891-4146-4c40-a103-982dfbfc46c7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3485 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3484 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3483 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3482 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3481 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3480 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd64db6b-5e25-4430-a63e-36ccbc4b6a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcANgAuADAAOAAtADEAOQA2ADQANwAyADcAMgAwADUANQA0ADkAOAA4AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3479 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4c7fa00-6700-47a9-99b2-32cded5517f2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3478 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6ee70d7-951b-4a00-a606-4ec39ff3ba28
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3477 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3476 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3475 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3474 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3473 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3472 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3471 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3470 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=62204dcc-d0a7-4be3-acdc-088f3930b3f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3469 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4c7fa00-6700-47a9-99b2-32cded5517f2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3468 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3467 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3466 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3465 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3464 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3463 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9bb3282c-2977-4b2b-92fd-0a78260bc785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3462 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=6c402c6d-9277-4cd8-a91d-a5d953111412
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3461 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ec0d7e8a-59ec-4d22-a943-e95122602aff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3460 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ec0d7e8a-59ec-4d22-a943-e95122602aff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3459 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3458 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3457 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3456 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3455 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3454 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3cb4395-aa30-46cc-a701-2f75b7f90c02
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwA2AC4AMAA4AC0AMQA5ADYANAA3ADIANwAyADAANQA1ADQAOQA4ADgAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3453 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=6c402c6d-9277-4cd8-a91d-a5d953111412
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3452 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3451 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3450 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3449 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3448 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3447 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5312926-602c-4448-80c3-a9c19c9b5343
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATQBBAEEANABBAEMAMABBAE0AUQBBADUAQQBEAFkAQQBOAEEAQQAzAEEARABJAEEATgB3AEEAeQBBAEQAQQBBAE4AUQBBADEAQQBEAFEAQQBPAFEAQQA0AEEARABnAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3446 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=a44b7103-3b60-45a6-a08a-0453faa25ca9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3445 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d8909355-dd8b-4b4d-a99b-1563611e7a1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3444 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d8909355-dd8b-4b4d-a99b-1563611e7a1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3443 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3442 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3441 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3440 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3439 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3438 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9bf67eb-5e23-46bb-83b2-0cb4dad3c190
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3437 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=a44b7103-3b60-45a6-a08a-0453faa25ca9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3436 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3435 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3434 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3433 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3432 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3431 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d352f2a0-f9f3-4006-99a9-8b41743f04a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABjAEEATQBnAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATQB3AEEAMwBBAEQAVQBBAE0AdwBBADQAQQBEAFkAQQBOAFEAQQAzAEEARABFAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3430 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d47f5f0-1700-426a-9388-a459599a35b7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3429 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ef13ccc-bb21-487d-b4e6-8f4fdf0e7615
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3428 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3427 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3426 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3425 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3424 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3423 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3422 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3421 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db8d8dd5-59f5-4d48-bc2e-7691e3cc869f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3420 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d47f5f0-1700-426a-9388-a459599a35b7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3419 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3418 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3417 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3416 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3415 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3414 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=438b61fd-9b2f-494c-859c-22275f646776
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3413 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=194721ee-1abe-4092-9882-9e76d2d8f3ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3412 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=194721ee-1abe-4092-9882-9e76d2d8f3ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3411 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3410 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3409 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3408 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3407 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3406 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38acd8dd-e518-46ca-bf6e-4c072cf4d6c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADcAMgAuADMAMQAtADgAMAA5ADAAMwA3ADUAMwA4ADYANQA3ADEANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3405 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=82b0dcd4-07f6-41cb-a906-244642aa8492
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3404 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cb76be5a-35a9-4840-9cd3-e1ca54a6a43f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3403 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3402 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3401 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3400 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3399 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3398 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3397 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3396 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c597d6ae-4b23-4d0f-af9a-e7ecc73544f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3395 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=82b0dcd4-07f6-41cb-a906-244642aa8492
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3394 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3393 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3392 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3391 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3390 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3389 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4141c8-7f07-42e0-ae72-26947128b203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3388 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=4a72b95a-b422-4d5a-bccf-c368cad451e2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3387 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=98914cef-8f42-4640-94df-83396f025d86
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3386 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=98914cef-8f42-4640-94df-83396f025d86
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3385 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3384 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3383 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3382 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3381 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3380 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bca6ad9-ccf7-40b4-83dc-ed754b3ab912
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANwAyAC4AMwAxAC0AOAAwADkAMAAzADcANQAzADgANgA1ADcAMQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3379 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=4a72b95a-b422-4d5a-bccf-c368cad451e2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3378 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3377 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3376 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3375 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3374 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3373 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=118ff680-5a9f-4b53-b458-c7cb5102860c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAHcAQQB5AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE8AQQBBAHcAQQBEAGsAQQBNAEEAQQB6AEEARABjAEEATgBRAEEAegBBAEQAZwBBAE4AZwBBADEAQQBEAGMAQQBNAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3372 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e676923c-2d29-4518-9894-2b5f973d0005
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3371 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ca56aa0e-6b87-4529-b47f-2a898d6b44d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3370 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ca56aa0e-6b87-4529-b47f-2a898d6b44d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3369 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3368 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3367 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3366 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3365 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3364 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebf860b8-e287-49e9-9717-ff507e11c219
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3363 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e676923c-2d29-4518-9894-2b5f973d0005
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3362 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3361 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3360 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3359 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3358 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3357 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dd405fc6-c9d5-4b11-80f0-ea98ea1d4a35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBPAFEAQQAwAEEARABZAEEATwBBAEEAdQBBAEQAUQBBAE4AQQBBAHQAQQBEAEUAQQBOAFEAQQA0AEEARABjAEEATQBnAEEAMgBBAEQATQBBAE0AZwBBAHkAQQBEAEkAQQBOAGcAQQA0AEEARABNAEEATgBnAEEAegBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3356 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fc3b017-e2b5-4851-862f-8f8ecfd25130
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3355 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b03c374d-3c58-457e-a999-0f357a8701a6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3354 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3353 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3352 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3351 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3350 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3349 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3348 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3347 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bafa873a-29ec-42f9-85ee-26ef0a07b60b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3346 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fc3b017-e2b5-4851-862f-8f8ecfd25130
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3345 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3344 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3343 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3342 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3341 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3340 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3790d18b-88ed-4efb-9702-4fe3222a6e2e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3339 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=960cf27a-3873-4f07-b143-c4659b2fb9a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3338 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=960cf27a-3873-4f07-b143-c4659b2fb9a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3337 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3336 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3335 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3334 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3333 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3332 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=db0778c3-b967-459a-93e9-b202c99fb448
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUAOQA0ADYAOAAuADQANAAtADEANQA4ADcAMgA2ADMAMgAyADIANgA4ADMANgAzAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3331 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9de19ea9-7097-4b42-91a1-841973af934e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3330 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f65d557a-00b6-4d3a-9958-668c92bfd3db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3329 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3328 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3327 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3326 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3325 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3324 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3323 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3322 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=96ffd4aa-97a6-495e-807e-7de2e3fdf8a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3321 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9de19ea9-7097-4b42-91a1-841973af934e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3320 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3319 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3318 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3317 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3316 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3315 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5179d9c9-c9b8-4a33-850a-8ff1e0dca070
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3314 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=6193e0fc-7d3e-45f7-80a2-890a27605255
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3313 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9edec2d5-63ee-409b-b503-d6472542af1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3312 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9edec2d5-63ee-409b-b503-d6472542af1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3311 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3310 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3309 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3308 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3307 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3306 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8fdf4b6-f390-4b8f-aaaa-d8a99b2bed7d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA5ADQANgA4AC4ANAA0AC0AMQA1ADgANwAyADYAMwAyADIAMgA2ADgAMwA2ADMAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3305 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=6193e0fc-7d3e-45f7-80a2-890a27605255
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3304 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3303 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3302 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3301 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3300 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3299 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98de9856-a0a8-4286-b849-701face60955
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADUAQQBEAFEAQQBOAGcAQQA0AEEAQwA0AEEATgBBAEEAMABBAEMAMABBAE0AUQBBADEAQQBEAGcAQQBOAHcAQQB5AEEARABZAEEATQB3AEEAeQBBAEQASQBBAE0AZwBBADIAQQBEAGcAQQBNAHcAQQAyAEEARABNAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3298 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4e21e116-94ec-41d4-9a22-bf99d0727712
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3297 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=706adc4f-d141-4d2f-9e71-1a7a7ee5836e
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3296 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=706adc4f-d141-4d2f-9e71-1a7a7ee5836e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3295 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3294 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3293 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3292 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3291 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3290 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3289 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3288 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8b25f37c-e448-4f97-b86c-fd7d3bc35a72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3287 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4e21e116-94ec-41d4-9a22-bf99d0727712
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3286 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3285 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3284 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3283 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3282 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3281 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=022543bf-6038-40ea-ad12-f2577c833eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3280 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:24:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=747e3057-2530-4fe0-bf95-5143958d1e32
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3279 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=9e1dc65f-3910-4e89-bc01-0ea909544f64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3278 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=9e1dc65f-3910-4e89-bc01-0ea909544f64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3277 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3276 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3275 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3274 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3273 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3272 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d4766f8-872f-442f-bbf8-39a7b549c9d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3271 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=036bd471-cfd1-4bf2-ae4b-d943e712982c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3270 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=036bd471-cfd1-4bf2-ae4b-d943e712982c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3269 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3268 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3267 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3266 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3265 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3264 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3263 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3262 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90502e9-9502-41d6-873f-77878e489492
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3261 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=747e3057-2530-4fe0-bf95-5143958d1e32
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3260 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3259 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3258 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3257 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3256 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3255 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d1d4853-3475-483f-9ef3-2b8c33d37f31
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3254 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=817928c3-6043-44fc-af46-ff22b5eed8d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3253 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73424b80-578a-4de5-9939-114724264660
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3252 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73424b80-578a-4de5-9939-114724264660
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3251 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73424b80-578a-4de5-9939-114724264660
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3250 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3249 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3248 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3247 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3246 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3245 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3244 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3243 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=baee9869-306e-4cb5-9506-206f989e68b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3242 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=817928c3-6043-44fc-af46-ff22b5eed8d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3241 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3240 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3239 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3238 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3237 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3236 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=975b7c4a-2738-4c13-9ee8-2de9599bd08f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3235 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee302252-e081-4ebd-aa00-74a50ae9ee18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3234 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=020a3777-1618-4e46-aa20-f18e87229964
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3233 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=020a3777-1618-4e46-aa20-f18e87229964
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3232 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3231 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3230 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3229 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3228 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3227 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b895425e-d11b-4bee-b4b6-c72eb46bcf9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3226 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=67df1b87-f57d-44b6-80ad-01a01442ad0d
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3225 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=67df1b87-f57d-44b6-80ad-01a01442ad0d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3224 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3223 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3222 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3221 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3220 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3219 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3218 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3217 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09e238ce-1bd6-422a-ba8b-36f8e1235f5f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3216 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee302252-e081-4ebd-aa00-74a50ae9ee18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3215 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3214 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3213 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3212 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3211 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3210 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d74dda6f-615f-4956-b579-007c021c9a3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3209 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89872a5d-321b-4812-93df-526c6cb319da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3208 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457ee68c-b4fc-4ee3-8d35-20250f22d0af
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3207 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457ee68c-b4fc-4ee3-8d35-20250f22d0af
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3206 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457ee68c-b4fc-4ee3-8d35-20250f22d0af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3205 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3204 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3203 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3202 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3201 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3200 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3199 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3198 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecccbf98-75c4-4554-875a-2154861376d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3197 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89872a5d-321b-4812-93df-526c6cb319da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3196 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3195 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3194 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3193 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3192 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3191 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f51ebef-a20f-4297-b0b4-544f546eed62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3190 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dcc1fa18-8f0c-417e-9695-90ede3d61737
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3189 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5d930aae-731b-4e72-94ec-80f0496a72f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3188 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5d930aae-731b-4e72-94ec-80f0496a72f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3187 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3186 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3185 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3184 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3183 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3182 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65c29f6a-14f6-4c02-9418-2a401d8e6174
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3181 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87ff9422-03d7-4fae-b0a4-e6d792c68f4a
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3180 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87ff9422-03d7-4fae-b0a4-e6d792c68f4a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3179 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3178 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3177 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3176 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3175 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3174 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3173 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3172 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=264d7fbc-1318-4218-8125-aa37ce912949
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3171 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dcc1fa18-8f0c-417e-9695-90ede3d61737
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3170 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3169 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3168 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3167 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3166 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3165 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba34245b-6c43-4257-97e0-67c5bb0a1389
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3164 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f1c9afc-e894-416e-b8b7-176ffb5e6b81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3163 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a64a3b7d-4a4c-4b16-9b82-e150af4d8780
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3162 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a64a3b7d-4a4c-4b16-9b82-e150af4d8780
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3161 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a64a3b7d-4a4c-4b16-9b82-e150af4d8780
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3160 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3159 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3158 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3157 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3156 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3155 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3154 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3153 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9826d90c-660b-406e-841e-8556e4174782
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3152 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f1c9afc-e894-416e-b8b7-176ffb5e6b81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3151 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3150 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3149 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3148 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3147 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3146 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a3ca6f9-6465-4446-8412-9512c5d265d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3145 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ae64ca4a-f310-4954-a18a-e0f8b6c7e9ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3144 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=13e7506c-e6d7-4fbd-97ed-222c42816266
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3143 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=13e7506c-e6d7-4fbd-97ed-222c42816266
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3142 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3141 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3140 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3139 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3138 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3137 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e760585a-2f91-4d00-a8aa-5d6a4147792d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3136 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d9abac1-2c4f-4268-ad0d-cf054cafd1e8
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3135 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d9abac1-2c4f-4268-ad0d-cf054cafd1e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3134 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3133 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3132 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3131 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3130 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3129 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3128 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3127 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=644b3c2e-9441-4233-8c8b-830677282cb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3126 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ae64ca4a-f310-4954-a18a-e0f8b6c7e9ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3125 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3124 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3123 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3122 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3121 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3120 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3528c16-8e1b-4459-b40d-b7a1e9c5a60c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3119 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74734573-1ec7-451d-98b9-b0a3640ab281
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3118 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e12d7b60-9b44-4eeb-94cf-6aad021bbfc9
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3117 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e12d7b60-9b44-4eeb-94cf-6aad021bbfc9
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3116 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e12d7b60-9b44-4eeb-94cf-6aad021bbfc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3115 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3114 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3113 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3112 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3111 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3110 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3109 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3108 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=060f296e-db3e-4ad4-a664-8b50d8e344e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3107 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74734573-1ec7-451d-98b9-b0a3640ab281
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3106 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3105 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3104 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3103 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3102 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3101 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd7e868-8bf8-4ad7-ae74-7359d429ad23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3100 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70547665-62b5-4318-bbd0-fd8243db730a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3099 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d497400f-c233-4481-97df-f04257232293
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3098 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d497400f-c233-4481-97df-f04257232293
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3097 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3096 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3095 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3094 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3093 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3092 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7e3bbb14-09c6-4489-8541-f53ff99a51db
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3091 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9310ffd3-6fb0-4c37-ab20-c5a8bfe20862
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3090 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9310ffd3-6fb0-4c37-ab20-c5a8bfe20862
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3089 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3088 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3087 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3086 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3085 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3084 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3083 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3082 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4e781afd-773b-4ce0-aef1-6ff49221ad0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3081 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70547665-62b5-4318-bbd0-fd8243db730a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3080 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3079 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3078 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3077 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3076 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3075 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ac68c7-b4e4-42a1-b4a8-050de7a506e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3074 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b1047250-a35e-4298-8ae8-fc9190ca2b30
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3073 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43d008c7-be50-4311-a43f-ed45c8d9a28d
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3072 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43d008c7-be50-4311-a43f-ed45c8d9a28d
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3071 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43d008c7-be50-4311-a43f-ed45c8d9a28d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3070 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3069 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3068 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3067 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3066 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3065 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3064 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3063 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22c20e9e-c59b-4fa5-8917-a167bea64d7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3062 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b1047250-a35e-4298-8ae8-fc9190ca2b30
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3061 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3060 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3059 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3058 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3057 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3056 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26f980c2-b1d0-495e-b0a4-01b7b792a384
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3055 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0eed079-02fd-4318-ba14-76a6b046b491
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3054 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:07:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=00ab2311-3baf-4a6b-8e3d-53e375f820bb
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3053 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=00ab2311-3baf-4a6b-8e3d-53e375f820bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3052 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3051 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3050 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3049 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3048 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3047 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3046 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3045 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e5c611af-f71b-402a-8d59-c2d45d3b039b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3044 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0eed079-02fd-4318-ba14-76a6b046b491
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3043 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3042 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3041 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3040 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3039 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3038 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f4b714e-b14d-48ff-9e7d-547c172bdfce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3037 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=139d88ea-1aba-4db9-a714-69d69edaa404
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3036 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=233084e1-c7cd-44e6-82b3-6b4fa5197cb9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3035 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3034 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3033 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3032 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3031 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3030 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3029 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3028 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07892da8-ce32-406b-a86c-c7c771455a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3027 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=139d88ea-1aba-4db9-a714-69d69edaa404
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3026 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3025 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3024 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3023 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3022 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3021 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c05b1e91-53fc-48b9-963a-b6d3c0627f71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3020 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4583da40-6582-4dfa-9af8-19392d7a14d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3019 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f71f72c-47da-45dc-8c12-a93e8d367b71
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3018 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3017 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3016 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3015 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3014 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3013 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3012 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3011 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=987914c3-f5ca-41ed-acf6-eb22e7d79748
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3010 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4583da40-6582-4dfa-9af8-19392d7a14d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3009 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3008 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3007 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3006 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3005 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3004 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=938b1840-60e0-4291-acba-fc4385b57114
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3003 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12886dfa-58b7-4022-b252-ae6691da7265
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3002 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=259231fc-c453-42d8-8cb7-e48b5bfa5cbd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3001 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3000 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2999 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2998 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2997 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2996 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2995 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2994 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb39696e-1e17-49fb-89ae-7faaf24378c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2993 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12886dfa-58b7-4022-b252-ae6691da7265
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2992 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2991 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2990 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2989 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2988 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2987 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e33ef421-e318-485b-82ad-1fb766693b22
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2986 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b104c4f7-9cad-47db-aa5f-84354a2ba0a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2985 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=80a3e01f-775a-43fa-b506-a0b9acba40b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2984 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2983 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2982 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2981 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2980 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2979 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2978 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2977 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=eb80ddb9-3e84-4059-b1e7-6703a88565a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2976 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b104c4f7-9cad-47db-aa5f-84354a2ba0a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2975 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2974 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2973 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2972 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2971 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2970 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=48e5768a-608e-41af-a59e-22c8361811b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2969 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a5bf1d5-0be8-4810-a04e-4b9c6894c325
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2968 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a5d38734-7163-48ac-83e1-0ee981b4d4a9
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2967 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a5d38734-7163-48ac-83e1-0ee981b4d4a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2966 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2965 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2964 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2963 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2962 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2961 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2960 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2959 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=77248484-04a5-456c-ad4a-c3a308a1841c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2958 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a5bf1d5-0be8-4810-a04e-4b9c6894c325
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2957 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2956 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2955 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2954 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2953 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2952 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1119e25-1d46-4792-ba06-f8bce55b407c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2951 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 9:06:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db0b5f26-2efb-45ec-9e48-ff334152b4a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2950 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d91d8e1e-5e1c-40c0-af9f-eaa2792cb063
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2949 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2948 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2947 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2946 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2945 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2944 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2943 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2942 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab162b97-9f13-43db-99ec-aa775411448d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2941 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db0b5f26-2efb-45ec-9e48-ff334152b4a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2940 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2939 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2938 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2937 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2936 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2935 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88db8625-9aa0-438c-9f4b-47702a3b82a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2934 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=687e9c9c-2fd0-400c-815c-8bf3cc113ec0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2933 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c341276-664d-4ada-98a2-25fa95407edf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2932 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c341276-664d-4ada-98a2-25fa95407edf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2931 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2930 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2929 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2928 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2927 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2926 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21576098-f5e2-4b2e-b5da-5a863df88289
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2925 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=687e9c9c-2fd0-400c-815c-8bf3cc113ec0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2924 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2923 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2922 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2921 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2920 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2919 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83f529f5-e71c-4c2b-a7d7-bec9ae3ea779
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAxAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAGcAQQBNAEEAQQA0AEEARABBAEEATwBRAEEAdwBBAEQAZwBBAE0AQQBBADQAQQBEAFEAQQBOAGcAQQAzAEEARABZAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2918 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c154054-093d-453c-ad84-77c03d83b3dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2917 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f95ad63-7c8e-4e7c-a419-af2624251ccc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2916 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2915 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2914 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2913 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2912 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2911 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2910 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2909 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=79c4293d-f0db-4528-8971-403260c95260
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2908 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c154054-093d-453c-ad84-77c03d83b3dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2907 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2906 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2905 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2904 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2903 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2902 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2cf39961-97af-434e-95ed-8065eea95e18
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2901 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a4270dc1-3014-4f18-96cb-06c117031ca4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2900 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a4270dc1-3014-4f18-96cb-06c117031ca4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2899 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2898 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2897 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2896 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2895 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2894 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f253d58-8701-4177-8bcf-623aebd6df8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA1ADEAOQAuADQANQAtADgAMAA4ADAAOQAwADgAMAA4ADQANgA3ADYAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2893 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=a48910c5-fbdc-4b2a-8630-5a8e7d04fa46
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2892 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=daa4da83-5ee5-40c0-85fe-e307964515c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2891 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:52:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=daa4da83-5ee5-40c0-85fe-e307964515c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2890 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2889 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2888 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2887 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2886 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2885 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2f544e5c-1576-41dc-a152-c67c78175883
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADUAMQA5AC4ANAA1AC0AOAAwADgAMAA5ADAAOAAwADgANAA2ADcANgAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2884 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=a48910c5-fbdc-4b2a-8630-5a8e7d04fa46
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2883 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2882 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2881 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2880 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2879 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2878 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ed8f91fe-7394-4965-8055-cf97d9aa4c72
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFUAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE8AQQBBAHcAQQBEAGcAQQBNAEEAQQA1AEEARABBAEEATwBBAEEAdwBBAEQAZwBBAE4AQQBBADIAQQBEAGMAQQBOAGcAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2877 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c03fa031-5e77-4ca1-a284-8f2e2bd8e96b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2876 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f24911c-7b5e-4d40-9d6b-7cc8057e1da6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2875 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2874 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2873 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2872 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2871 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2870 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2869 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2868 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=438bdeec-74bc-42f6-a737-2c900edde6be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2867 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c03fa031-5e77-4ca1-a284-8f2e2bd8e96b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2866 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2865 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2864 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2863 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2862 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2861 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a4914a5-0daf-4f05-a702-9a7b6cb609ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2860 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9fb91b6-a063-4465-8f7e-f20c33d7141d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2859 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=d2b45a32-b6e7-4126-94a7-c977452da0cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2858 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=d2b45a32-b6e7-4126-94a7-c977452da0cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2857 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2856 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2855 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2854 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2853 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2852 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f9b4014-0ddf-4bb1-be75-5dd16fc3c7e4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2851 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=04abf794-aa96-4617-a610-5196a993ecf4
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2850 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=04abf794-aa96-4617-a610-5196a993ecf4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2849 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2848 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2847 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2846 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2845 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2844 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2843 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2842 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ca1d773-a4a4-48e6-ba32-5f114f07444d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2841 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9fb91b6-a063-4465-8f7e-f20c33d7141d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2840 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2839 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2838 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2837 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2836 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2835 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=219fc45d-a861-45fe-982c-325339ca7acc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2834 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3ecd2c6b-ef40-478a-a5de-c097c120f139
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2833 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=3d1757ff-f129-4c51-8318-651cbdd01021
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2832 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=3d1757ff-f129-4c51-8318-651cbdd01021
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2831 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2830 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2829 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2828 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2827 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2826 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46addead-55a8-48b1-9c80-99151330b176
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2825 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c4fdb0e8-af22-4974-8ac3-6b7db681a274
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2824 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c4fdb0e8-af22-4974-8ac3-6b7db681a274
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2823 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2822 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2821 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2820 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2819 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2818 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2817 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2816 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1e09595-6ff0-4a08-b2e0-11e7d14e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2815 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3ecd2c6b-ef40-478a-a5de-c097c120f139
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2814 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2813 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2812 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2811 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2810 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2809 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6891c29e-dd3b-4665-a095-ccaf5786b634
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2808 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=01852afc-4d5d-48b1-b745-e6427d0d9b87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2807 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=af0275ae-1cf3-4955-9d84-ff8c55e260f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2806 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=af0275ae-1cf3-4955-9d84-ff8c55e260f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2805 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2804 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2803 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2802 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2801 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2800 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32f6b43d-b42f-4382-8d4d-cd68cca7694e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2799 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d6e9a61-15e9-4fc0-a403-bb71e96c1943
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2798 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d6e9a61-15e9-4fc0-a403-bb71e96c1943
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2797 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2796 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2795 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2794 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2793 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2792 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2791 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2790 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0f3aa8e0-77ef-421c-bb8e-6564dbc8d722
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2789 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=01852afc-4d5d-48b1-b745-e6427d0d9b87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2788 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2787 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2786 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2785 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2784 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2783 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b34b0c54-b33d-4dce-b680-ae90188d26c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2782 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=68186d7c-f366-424e-872c-439e8e5267d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2781 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=69ceedc3-bfdb-4ec9-9b6e-b48e901cf7a3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2780 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=69ceedc3-bfdb-4ec9-9b6e-b48e901cf7a3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2779 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2778 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2777 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2776 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2775 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2774 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bbae7c3-5f24-432d-ac18-6b2cf2b81804
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2773 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=68186d7c-f366-424e-872c-439e8e5267d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2772 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2771 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2770 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2769 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2768 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2767 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90976497-1a76-48c2-ac8c-821fd4ce78d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABjAEEATgBnAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAFkAQQBPAFEAQQAyAEEARABBAEEATgBBAEEAeQBBAEQAYwBBAE0AQQBBADEAQQBEAEkAQQBPAFEAQQAxAEEARABZAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2766 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=381fff06-3103-4cd0-9476-f4ff06ee58b0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2765 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=86797e7c-32bf-4094-9bb1-bf1b7df2036b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2764 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2763 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2762 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2761 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2760 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2759 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2758 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2757 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80b679ea-1794-4cf9-b04b-2276ad7e18ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2756 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=381fff06-3103-4cd0-9476-f4ff06ee58b0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2755 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2754 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2753 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2752 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2751 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2750 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c7835f8a-f4a4-4a91-8094-be4f5e72e3c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2749 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7cad51a4-07b8-493c-9459-02c6aa315f9b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2748 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7cad51a4-07b8-493c-9459-02c6aa315f9b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2747 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2746 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2745 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2744 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2743 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2742 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d22b4a-f8d6-403b-a764-676420aef5b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADcANgAuADgAMwAtADYAOQA2ADAANAAyADcAMAA1ADIAOQA1ADYAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2741 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=95ca3497-9536-4b01-900e-1aba386d95ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2740 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3f68480-8a14-44b6-9539-8b528614b86f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2739 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3f68480-8a14-44b6-9539-8b528614b86f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2738 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2737 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2736 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2735 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2734 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2733 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92f0af94-7376-4a8d-9568-4ca0b86f1b87
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANwA2AC4AOAAzAC0ANgA5ADYAMAA0ADIANwAwADUAMgA5ADUANgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2732 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=95ca3497-9536-4b01-900e-1aba386d95ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2731 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2730 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2729 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2728 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2727 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2726 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=62ae50a4-30f3-40fa-b6f8-3e96e4336c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAHcAQQAyAEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE4AZwBBADUAQQBEAFkAQQBNAEEAQQAwAEEARABJAEEATgB3AEEAdwBBAEQAVQBBAE0AZwBBADUAQQBEAFUAQQBOAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2725 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=314c2335-3fbe-4726-9d3e-9f6d126d8f7d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2724 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73b97bc3-6a4a-4fef-8a0d-773e196fb25a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2723 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2722 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2721 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2720 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2719 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2718 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2717 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2716 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e944d030-7f1d-4f44-8949-8059183502b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2715 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=314c2335-3fbe-4726-9d3e-9f6d126d8f7d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2714 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2713 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2712 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2711 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2710 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2709 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=693656b8-21e0-42e7-b3f5-78c4a484e97a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2708 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64e4dada-f065-4de7-8a0f-552d241753fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2707 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=6fa5141b-5055-4a0a-8545-e44933a50b8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2706 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=6fa5141b-5055-4a0a-8545-e44933a50b8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2705 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2704 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2703 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2702 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2701 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2700 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ea1fa10-6df5-4bf9-be57-51b7f3d29ea6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2699 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6fef2169-5808-4b74-a3df-08a9422f5b84
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2698 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6fef2169-5808-4b74-a3df-08a9422f5b84
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2697 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2696 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2695 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2694 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2693 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2692 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2691 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2690 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bbb19bac-474e-4087-932c-d7d44d4e1134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2689 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64e4dada-f065-4de7-8a0f-552d241753fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2688 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2687 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2686 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2685 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2684 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2683 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=77216caa-3d93-466d-bbd3-ab2155857dd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2682 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=24cc1148-43a3-43e2-8b6a-5ff286b3c9f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2681 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=2ccd3c0d-013d-47b7-ad9a-3e37437cc0da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2680 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=2ccd3c0d-013d-47b7-ad9a-3e37437cc0da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2679 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2678 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2677 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2676 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2675 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2674 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=423e3089-5d37-4732-8138-00d00c146a4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2673 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df0a8b8a-c728-4d6b-b8fa-f229bd434fcc
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2672 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df0a8b8a-c728-4d6b-b8fa-f229bd434fcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2671 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2670 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2669 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2668 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2667 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2666 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2665 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2664 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=50031917-59ac-44d6-a5c8-e0e32e2759e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2663 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:51:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=24cc1148-43a3-43e2-8b6a-5ff286b3c9f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2662 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2661 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2660 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2659 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2658 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2657 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=312b6675-01cd-4b6f-bf75-980dc287b509
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2656 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d58ed0e2-6a7c-4eff-a958-d135c9cbae2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2655 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=99eddfbe-b5d6-4daf-b611-752714002c92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2654 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=99eddfbe-b5d6-4daf-b611-752714002c92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2653 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2652 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2651 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2650 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2649 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2648 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8e4fe8c-fff2-46c4-b2c9-9b5715bb06b1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2647 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6452b742-e170-4aa8-8543-ebb5bc0ea28c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2646 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6452b742-e170-4aa8-8543-ebb5bc0ea28c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2645 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2644 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2643 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2642 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2641 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2640 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2639 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2638 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=16733b9f-2661-4da4-b4b6-38b6c675a429
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2637 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d58ed0e2-6a7c-4eff-a958-d135c9cbae2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2636 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2635 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2634 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2633 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2632 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2631 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e4d48f6-f4a2-4742-8fc7-05096ed8d703
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2630 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=043317e0-c83c-4ea7-aa34-c9c2f3c7e43a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2629 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7484e8b9-3434-4eab-91bc-02c574947361
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2628 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7484e8b9-3434-4eab-91bc-02c574947361
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2627 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2626 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2625 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2624 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2623 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2622 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b90e6e5b-8caa-4ef6-8b60-7604ecd81c50
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2621 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=043317e0-c83c-4ea7-aa34-c9c2f3c7e43a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2620 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2619 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2618 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2617 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2616 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2615 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36ccfed8-ef48-491e-9cdc-88340ec5b31d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABVAEEATQB3AEEAdQBBAEQAYwBBAE8AQQBBAHQAQQBEAFUAQQBOAHcAQQA1AEEARABFAEEATgBBAEEAdwBBAEQAVQBBAE4AZwBBADAAQQBEAGsAQQBNAFEAQQA1AEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2614 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9654432-1b08-4ab3-95fa-bd6819b41ec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2613 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc723b03-f281-49f7-b486-e4a01137935f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2612 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2611 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2610 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2609 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2608 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2607 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2606 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2605 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57f7e66d-04ec-47ae-ab84-67860d4bd864
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2604 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9654432-1b08-4ab3-95fa-bd6819b41ec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2603 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2602 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2601 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2600 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2599 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2598 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cf14584-09e6-4f5d-8f9a-2f0cdce1501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2597 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=5d176e38-2dc0-48e5-884a-66f3b8ee60d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2596 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=5d176e38-2dc0-48e5-884a-66f3b8ee60d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2595 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2594 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2593 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2592 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2591 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2590 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e68ac27e-6aeb-4493-948c-f50f674cd23c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADUAMwAuADcAOAAtADUANwA5ADEANAAwADUANgA0ADkAMQA5ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2589 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=f330b8cc-53c3-46b1-8386-af4febf84765
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2588 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b1f165ad-11fd-44c0-8de3-038186f69065
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2587 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b1f165ad-11fd-44c0-8de3-038186f69065
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2586 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2585 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2584 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2583 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2582 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2581 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8a8841b0-2086-4ce9-8d02-b2d0626bad06
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQANQAzAC4ANwA4AC0ANQA3ADkAMQA0ADAANQA2ADQAOQAxADkANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2580 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=f330b8cc-53c3-46b1-8386-af4febf84765
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2579 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2578 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2577 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2576 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2575 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2574 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1440a2fe-16b4-41bf-91ad-07584e641b6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBOAFEAQQB6AEEAQwA0AEEATgB3AEEANABBAEMAMABBAE4AUQBBADMAQQBEAGsAQQBNAFEAQQAwAEEARABBAEEATgBRAEEAMgBBAEQAUQBBAE8AUQBBAHgAQQBEAGsAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2573 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=15bb5dcf-3f22-4698-90a4-eec366e7aca7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2572 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db8136ff-0b40-4bd7-8d5a-6c5e717c50a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2571 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2570 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2569 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2568 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2567 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2566 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2565 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2564 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=423ec5b1-fb50-4b93-90d2-83303c1dba1e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2563 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=15bb5dcf-3f22-4698-90a4-eec366e7aca7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2562 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2561 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2560 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2559 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2558 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2557 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d828e45-e538-434a-9039-b1cc146f95f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2556 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=488977cc-0038-4588-a3cc-12a064b3ded8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2555 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=5.1.14393.1944
RunspaceId=f37e3a32-0af5-4281-a76c-f03d8ce7c99f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2554 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=5.1.14393.1944
RunspaceId=f37e3a32-0af5-4281-a76c-f03d8ce7c99f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2553 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2552 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2551 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2550 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2549 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2548 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4bbcd2-eecd-4c4d-80c6-fb065b5d05dd
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2547 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a662c95e-9a3c-41e4-b04f-efb775de85ac
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2546 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a662c95e-9a3c-41e4-b04f-efb775de85ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2545 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2544 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2543 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2542 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2541 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2540 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2539 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2538 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7d8f783e-5ac7-4966-bd5c-c9fd2fe537f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2537 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=488977cc-0038-4588-a3cc-12a064b3ded8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2536 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2535 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2534 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2533 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2532 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2531 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7ee1c3a-e5aa-4575-bb4a-da75e9ba2b43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2530 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f89eea21-b75a-4ce0-802c-c5fddd7f5608
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2529 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ce872b1a-f389-44cb-ad89-be6310caa2d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2528 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ce872b1a-f389-44cb-ad89-be6310caa2d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2527 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2526 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2525 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2524 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2523 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2522 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbfd7495-acbf-42ae-b996-47b2ab57aba7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2521 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba5b7b3c-3bf0-46f2-b058-d3706e893e63
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2520 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba5b7b3c-3bf0-46f2-b058-d3706e893e63
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2519 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2518 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2517 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2516 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2515 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2514 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2513 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2512 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b25907e1-1e5c-429a-aa57-2886ed06c09d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2511 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f89eea21-b75a-4ce0-802c-c5fddd7f5608
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2510 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2509 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2508 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2507 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2506 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2505 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e6e6735-7893-42ff-af9f-cf0c1e4978f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2504 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da6a317a-260b-406e-87a5-77e4456d045c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2503 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=78865096-5370-4095-b545-ea6c22d6a0b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2502 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=78865096-5370-4095-b545-ea6c22d6a0b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2501 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2500 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2499 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2498 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2497 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2496 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481931d1-e1dd-4f18-bedf-3e7b2eff69b4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2495 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=60ae805a-7089-443d-833b-fe40636175e4
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2494 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=60ae805a-7089-443d-833b-fe40636175e4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2493 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2492 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2491 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2490 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2489 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2488 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2487 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2486 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5e5c736-e432-453b-8160-ee0d2510d009
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2485 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da6a317a-260b-406e-87a5-77e4456d045c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2484 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2483 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2482 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2481 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2480 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2479 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b471ca4c-eba3-46ec-b6de-dada246f6e27
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2478 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=721affca-6e06-45d7-8ccb-2fd1200d66bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2477 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8cb538db-e327-4ca9-aaba-fa116546691a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2476 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8cb538db-e327-4ca9-aaba-fa116546691a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2475 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2474 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2473 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2472 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2471 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2470 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a74bd81-01f8-4e3a-a4c6-2c3bee74cfdc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2469 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=721affca-6e06-45d7-8ccb-2fd1200d66bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2468 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2467 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2466 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2465 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2464 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2463 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3dbd0f55-3f90-49f9-bbe7-4ac38a28dece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQAwAEEARABBAEEATQBnAEEAdQBBAEQAYwBBAE4AZwBBAHQAQQBEAEkAQQBOAHcAQQA0AEEARABVAEEATgB3AEEAMABBAEQAQQBBAE0AZwBBADQAQQBEAE0AQQBOAFEAQQB3AEEARABNAEEATQBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2462 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9a8d116-1936-450d-9d2f-9398018538b0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2461 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56ef7eb9-3146-43ca-8e5b-a6bcf2df1fc8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2460 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2459 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2458 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2457 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2456 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2455 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2454 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2453 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf3a3af5-37ff-4d97-8526-f6a63884756d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2452 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9a8d116-1936-450d-9d2f-9398018538b0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2451 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2450 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2449 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2448 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2447 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2446 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0760aedb-8cfc-47c2-b8ea-f25a87fad3d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2445 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=44284bce-ab39-4113-aee8-bf6056542bbe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2444 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=44284bce-ab39-4113-aee8-bf6056542bbe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2443 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2442 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2441 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2440 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2439 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2438 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d38adb7a-ff75-4e15-bc16-feb0cdcd5676
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwA0ADAAMgAuADcANgAtADIANwA4ADUANwA0ADAAMgA4ADMANQAwADMAMAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2437 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=63d669a2-dd99-44ec-b768-3a5fb11f620a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2436 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3b3ed7b6-669e-4f5b-89a4-d32e8aed5d23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2435 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3b3ed7b6-669e-4f5b-89a4-d32e8aed5d23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2434 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2433 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2432 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2431 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2430 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2429 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=989dceac-8678-4bc3-b5c2-ba34269d27c0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADQAMAAyAC4ANwA2AC0AMgA3ADgANQA3ADQAMAAyADgAMwA1ADAAMwAwADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2428 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=63d669a2-dd99-44ec-b768-3a5fb11f620a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2427 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2426 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2425 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2424 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2423 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2422 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac30c0aa-b8e2-447c-a2ed-701f89ae33f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAFEAQQBNAEEAQQB5AEEAQwA0AEEATgB3AEEAMgBBAEMAMABBAE0AZwBBADMAQQBEAGcAQQBOAFEAQQAzAEEARABRAEEATQBBAEEAeQBBAEQAZwBBAE0AdwBBADEAQQBEAEEAQQBNAHcAQQB3AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2421 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e86d5d11-ae62-4da7-9b66-546265436807
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2420 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c350c92-5d65-4b68-b26c-91cee4bee8a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2419 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2418 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2417 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2416 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2415 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2414 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2413 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2412 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=505ab3dc-ad64-4b20-917e-a427b3b3ef2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2411 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e86d5d11-ae62-4da7-9b66-546265436807
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2410 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2409 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2408 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2407 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2406 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2405 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0697385b-e1a4-462f-9f80-b84c588540eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2404 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2eb20bcc-de89-49fd-ac0f-110b3d4a7ae9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2403 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=4840998f-a701-4237-a9dc-b122eb36b1f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2402 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:50:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=4840998f-a701-4237-a9dc-b122eb36b1f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2401 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2400 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2399 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2398 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2397 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2396 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a782169d-c073-456a-9fa1-4def107102ce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2395 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5dd5677-d600-48b6-8e7e-e5d042bb9fb2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2394 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5dd5677-d600-48b6-8e7e-e5d042bb9fb2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2393 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2392 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2391 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2390 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2389 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2388 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2387 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2386 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f8ba43-c034-40ca-9db2-0e630a4b21c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2385 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2eb20bcc-de89-49fd-ac0f-110b3d4a7ae9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2384 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2383 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2382 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2381 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2380 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2379 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ebe4d394-4087-48f8-bc5e-91a532a335c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2378 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=85fcba64-694c-4a66-a79b-d95f91cfc177
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2377 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=e8eb6ff0-01d3-4800-9ca7-bdc5a282c347
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2376 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=e8eb6ff0-01d3-4800-9ca7-bdc5a282c347
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2375 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2374 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2373 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2372 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2371 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2370 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=56b261d5-a811-41ba-8073-5c79540d2fa0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2369 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88bf3008-4c1a-4bec-8aca-5bd0397a59c9
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2368 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88bf3008-4c1a-4bec-8aca-5bd0397a59c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2367 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2366 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2365 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2364 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2363 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2362 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2361 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2360 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63edb6f0-1379-4f16-bdcf-64802e972253
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2359 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=85fcba64-694c-4a66-a79b-d95f91cfc177
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2358 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2357 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2356 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2355 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2354 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2353 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e87f27cd-79f3-44d6-bf20-362edc2bc287
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2352 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=09e72ec8-f08b-46a2-9836-74ebf6f039b7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2351 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=de343195-1b4f-4cff-bd2a-327f8dc8909d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2350 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=de343195-1b4f-4cff-bd2a-327f8dc8909d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2349 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2348 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2347 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2346 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2345 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2344 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd2ff0b0-6770-40d6-b65b-f33d4083bada
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2343 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3cd4effb-c633-42a7-8cc5-34475c0e25a0
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2342 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3cd4effb-c633-42a7-8cc5-34475c0e25a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2341 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2340 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2339 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2338 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2337 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2336 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2335 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2334 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793f1300-7085-4e04-92bc-21d272fbe562
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2333 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=09e72ec8-f08b-46a2-9836-74ebf6f039b7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2332 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2331 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2330 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2329 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2328 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2327 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=51ec3399-9a38-4fbb-8b16-77952e10255b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2326 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b1fccc92-9239-498e-8e64-02bcd9616fe2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2325 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=98e50f4c-00ce-452d-afb6-0b0cc42d57bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2324 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=98e50f4c-00ce-452d-afb6-0b0cc42d57bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2323 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2322 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2321 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2320 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2319 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2318 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8b80ab71-478b-415f-b76f-a5f34cb06f0a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2317 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b1fccc92-9239-498e-8e64-02bcd9616fe2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2316 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2315 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2314 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2313 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2312 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2311 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a767fc59-b744-4eae-9d43-6134b3ad69f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABnAEEATQBBAEEAdQBBAEQASQBBAEwAUQBBAHkAQQBEAFkAQQBOAEEAQQB4AEEARABRAEEATQBBAEEAMABBAEQAUQBBAE4AdwBBADEAQQBEAE0AQQBOAFEAQQB4AEEARABVAEEATQB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2310 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e5d363bc-e516-4bd7-843a-0fbbf34c25a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2309 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dc923ba4-d838-482f-986f-adfebce3a17b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2308 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2307 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2306 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2305 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2304 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2303 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2302 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2301 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7c9c1c4a-0a48-4d09-a668-26086e398a37
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2300 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e5d363bc-e516-4bd7-843a-0fbbf34c25a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2299 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2298 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2297 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2296 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2295 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2294 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7e7f61b-3312-4d2d-9620-fc0b75d87bf2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2293 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=3b208d02-2afd-4254-9ee5-94ffb64ab3ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2292 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=3b208d02-2afd-4254-9ee5-94ffb64ab3ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2291 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2290 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2289 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2288 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2287 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2286 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f1dff42-27ad-46ce-ae36-944d667839d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADgAMAAuADIALQAyADYANAAxADQAMAA0ADQANwA1ADMANQAxADUAMwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2285 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=63103d1c-47e8-4926-a031-c71b9b499264
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2284 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=375fdd46-5f2c-4ffa-a287-9234488b9b8c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2283 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=375fdd46-5f2c-4ffa-a287-9234488b9b8c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2282 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2281 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2280 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2279 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2278 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2277 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d933ee57-67ce-478b-986f-1db8f10b98bc
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAOAAwAC4AMgAtADIANgA0ADEANAAwADQANAA3ADUAMwA1ADEANQAzACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2276 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=63103d1c-47e8-4926-a031-c71b9b499264
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2275 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2274 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2273 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2272 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2271 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2270 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59551c04-c93b-46ea-8821-f5f48c244a8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBPAEEAQQB3AEEAQwA0AEEATQBnAEEAdABBAEQASQBBAE4AZwBBADAAQQBEAEUAQQBOAEEAQQB3AEEARABRAEEATgBBAEEAMwBBAEQAVQBBAE0AdwBBADEAQQBEAEUAQQBOAFEAQQB6AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2269 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fd22b90-26e3-4f74-9d8b-05e9a1002ee9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2268 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7df17464-3287-4c05-b952-57ce51f08cc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2267 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2266 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2265 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2264 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2263 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2262 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2261 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2260 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9923c006-0a33-4d5e-94a8-665379db7d0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2259 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fd22b90-26e3-4f74-9d8b-05e9a1002ee9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2258 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2257 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2256 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2255 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2254 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2253 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4df73b54-5538-4ee2-a988-041f43bc5be2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2252 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6ec95e8-0f35-408c-bd42-6028e9a9ff0f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2251 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=5021880d-66bf-47fd-91da-8572fa7d0cf6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2250 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=5021880d-66bf-47fd-91da-8572fa7d0cf6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2249 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2248 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2247 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2246 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2245 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2244 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c3779fd-6537-4f49-80af-7d7e94aee19c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2243 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ce2517c-dab3-461b-957e-46e27a56d8a1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2242 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ce2517c-dab3-461b-957e-46e27a56d8a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2241 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2240 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2239 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2238 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2237 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2236 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2235 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2234 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b7d4b12c-f868-481d-b58b-7cacd3b39386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2233 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6ec95e8-0f35-408c-bd42-6028e9a9ff0f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2232 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2231 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2230 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2229 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2228 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2227 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a2d4de4-b6a1-4433-abae-b25a13481100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2226 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3bd0730-e6da-45e0-b553-aa2013b539c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2225 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1f38ffd8-0ffa-4643-9771-bdedd168a6c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2224 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:49:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1f38ffd8-0ffa-4643-9771-bdedd168a6c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2223 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2222 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2221 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2220 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2219 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2218 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3406b683-5f57-4ef1-89bd-cefadee3fe92
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2217 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=95151a94-6d85-443a-beb3-4456d3071ee1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2216 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=95151a94-6d85-443a-beb3-4456d3071ee1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2215 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2214 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2213 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2212 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2211 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2210 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2209 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2208 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ae27c6ad-3781-4cd6-b698-9656c145aa43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2207 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3bd0730-e6da-45e0-b553-aa2013b539c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2206 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2205 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2204 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2203 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2202 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2201 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=549dc4f9-d6ff-4064-b022-9cc7d66363ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2200 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a9cf9bdd-df81-48e8-96fe-cd235d2abc1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2199 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=576d003b-9ae7-4c6b-b848-efe13a019aa7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2198 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=576d003b-9ae7-4c6b-b848-efe13a019aa7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2197 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2196 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2195 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2194 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2193 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2192 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fe62dbce-60db-4b0c-8cae-201868e0b73c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2191 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8a7413c0-5356-4ffa-94f3-b062acae7a58
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2190 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8a7413c0-5356-4ffa-94f3-b062acae7a58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2189 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2188 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2187 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2186 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2185 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2184 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2183 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2182 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c4cd752-429b-4821-a840-770871708211
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2181 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a9cf9bdd-df81-48e8-96fe-cd235d2abc1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2180 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2179 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2178 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2177 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2176 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2175 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b1eeae1-8f3a-4f57-ae41-f17d81f52386
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2174 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8464a0b8-4934-410a-9594-a83189e7f155
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2173 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=123901db-5847-47c3-9226-6223ef6eb8cb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2172 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=123901db-5847-47c3-9226-6223ef6eb8cb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2171 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2170 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2169 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2168 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2167 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2166 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02aae867-4a83-4976-b779-cd49530e9293
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2165 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8464a0b8-4934-410a-9594-a83189e7f155
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2164 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2163 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2162 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2161 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2160 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2159 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7de2644a-b64e-4f3e-b973-1f77e12261fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB6AEEARABNAEEATQBnAEEAdQBBAEQARQBBAE4AUQBBAHQAQQBEAEUAQQBOAGcAQQB3AEEARABFAEEATgBRAEEAMwBBAEQARQBBAE4AdwBBADUAQQBEAGsAQQBOAHcAQQB5AEEARABZAEEATQBnAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2158 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb9430c1-629f-472e-9d3b-44851cb0b1f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2157 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8882df71-e7ba-45e6-8d3a-f07355703772
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2156 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2155 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2154 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2153 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2152 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2151 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2150 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2149 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1ca47fbb-a89b-4a3c-b64a-c2cc7c55b19a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2148 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb9430c1-629f-472e-9d3b-44851cb0b1f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2147 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2146 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2145 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2144 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2143 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2142 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ccea466-d954-45d3-9178-059b7d5bcb10
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2141 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=65660bbb-ebd5-4864-b8ca-2a29eb812adc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2140 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=65660bbb-ebd5-4864-b8ca-2a29eb812adc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2139 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2138 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2137 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2136 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2135 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2134 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcf432a4-09a2-4991-9a22-71315ad94322
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAzADMAMgAuADEANQAtADEANgAwADEANQA3ADEANwA5ADkANwAyADYAMgA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2133 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=96ddfb89-89f9-4cbe-bbd3-7fba0200ca87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2132 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=dcb1154f-3154-412e-9f91-5f6a271dfcae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2131 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=dcb1154f-3154-412e-9f91-5f6a271dfcae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2130 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2129 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2128 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2127 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2126 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2125 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3cc45258-5a2e-40f6-a8ae-de8636f9c585
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADMAMwAyAC4AMQA1AC0AMQA2ADAAMQA1ADcAMQA3ADkAOQA3ADIANgAyADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2124 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=96ddfb89-89f9-4cbe-bbd3-7fba0200ca87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2123 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2122 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2121 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2120 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2119 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2118 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0fc43fa8-9e18-4f46-ab6c-15dd8fdce37a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAE0AQQBNAHcAQQB5AEEAQwA0AEEATQBRAEEAMQBBAEMAMABBAE0AUQBBADIAQQBEAEEAQQBNAFEAQQAxAEEARABjAEEATQBRAEEAMwBBAEQAawBBAE8AUQBBADMAQQBEAEkAQQBOAGcAQQB5AEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2117 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=de0f296c-eb54-40cd-89f6-c4499cbdc7c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2116 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f8990d1e-79da-430e-bc1e-f6e43f1a8bc0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2115 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2114 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2113 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2112 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2111 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2110 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2109 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2108 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1bcfec4-6715-4edb-838f-d0fc2b7945b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2107 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=de0f296c-eb54-40cd-89f6-c4499cbdc7c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2106 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2105 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2104 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2103 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2102 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2101 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fd578b6-a47b-4ad6-b978-0f4e4ae0d549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2100 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18f8c6d2-7f56-48ae-8a11-9bae1e9e9754
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2099 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=c2df8bd9-f064-41ba-8e59-12a770110b02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2098 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:48:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=c2df8bd9-f064-41ba-8e59-12a770110b02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2097 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2096 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2095 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2094 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2093 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2092 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=043c2ab6-8267-499b-acfd-5995eb1e304c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2091 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a50c423e-cf5f-49dc-b192-1d25bca40cfc
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2090 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a50c423e-cf5f-49dc-b192-1d25bca40cfc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2089 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2088 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2087 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2086 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2085 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2084 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2083 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2082 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=20c7483c-1dda-473e-a43b-d2910f1f1307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2081 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18f8c6d2-7f56-48ae-8a11-9bae1e9e9754
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2080 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2079 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2078 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2077 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2076 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2075 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7726215-ac4e-43b4-b428-6120089237ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2074 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad686231-687d-4b2e-861b-18cc34cbb922
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2073 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1f217b91-e5fd-4b86-a14f-7a6286686937
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2072 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1f217b91-e5fd-4b86-a14f-7a6286686937
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2071 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2070 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2069 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2068 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2067 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2066 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b61d3738-426c-4a15-ace3-73dc1754ca4b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2065 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76882891-4fe1-4844-8aab-21bce068ab96
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2064 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76882891-4fe1-4844-8aab-21bce068ab96
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2063 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2062 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2061 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2060 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2059 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2058 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2057 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2056 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fefbdd8c-1d33-4a91-8e5b-48d866cc25f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2055 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad686231-687d-4b2e-861b-18cc34cbb922
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2054 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2053 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2052 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2051 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2050 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2049 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7862a6c4-bd1d-480a-8a3d-3169d19df5a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2048 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b06a5aa2-31b0-4cd4-9956-8a74d103e10d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2047 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=900cfeb4-1afb-4607-8fb1-d5eb3dc34a92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2046 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=900cfeb4-1afb-4607-8fb1-d5eb3dc34a92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2045 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2044 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2043 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2042 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2041 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2040 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d1c7c317-7a80-4dc9-b8fe-f0ec01e2f18c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2039 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ce6cc66-b809-465a-8b23-179a8e0d2844
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2038 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ce6cc66-b809-465a-8b23-179a8e0d2844
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2037 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2036 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2035 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2034 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2033 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2032 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2031 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2030 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=706c0c89-ceab-4c58-8d0d-c8731bef9d13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2029 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b06a5aa2-31b0-4cd4-9956-8a74d103e10d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2028 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2027 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2026 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2025 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2024 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2023 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8fe242de-3e6c-4c69-903f-a27034d8d0c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2022 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d067fd32-74e1-48f2-bd69-36f9bc5a31f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2021 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d314525e-2ed3-4563-bc69-f593ba3e55dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2020 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d314525e-2ed3-4563-bc69-f593ba3e55dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2019 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2018 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2017 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2016 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2015 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2014 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b7523b3-fd34-44c6-b3ab-481d099f1a6d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2013 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d067fd32-74e1-48f2-bd69-36f9bc5a31f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2012 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2011 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2010 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2009 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2008 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2007 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9f44c49-d694-4f08-9d6d-1699c466e79c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB5AEEARABFAEEATwBRAEEAdQBBAEQAZwBBAE4AQQBBAHQAQQBEAEUAQQBNAHcAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAWQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQA0AEEARABNAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2006 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ffe88ccd-c138-4825-93f4-1cf17075d6bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2005 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56daf11a-97c0-4964-9f49-8ef5541cbc42
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2004 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2003 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2002 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2001 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2000 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1999 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1998 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1997 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=04db5940-039c-4b79-a83b-347639784513
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1996 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ffe88ccd-c138-4825-93f4-1cf17075d6bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1995 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1994 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1993 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1992 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1991 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1990 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=231a64b0-37a7-4e5d-b73e-dc8883bcaad8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1989 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=66b9d4e9-7ad7-4933-b4d0-6755fa8bcce0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1988 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=66b9d4e9-7ad7-4933-b4d0-6755fa8bcce0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1987 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1986 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1985 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1984 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1983 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1982 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6440860a-b1fb-4bb9-b1f5-24ebb7a2a474
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAyADEAOQAuADgANAAtADEAMwAwADAAMAAwADYANAA2ADUANQA4ADMAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1981 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=f835299b-a26f-4b4a-a623-f27b0176ee64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1980 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=50bd0b9a-7647-4342-8d20-4a2c05f78f2b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1979 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=50bd0b9a-7647-4342-8d20-4a2c05f78f2b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1978 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1977 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1976 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1975 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1974 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1973 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0faeef41-b876-4ac9-9629-538ec4fc4788
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADIAMQA5AC4AOAA0AC0AMQAzADAAMAAwADAANgA0ADYANQA1ADgAMwAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1972 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:47:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=f835299b-a26f-4b4a-a623-f27b0176ee64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1971 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1970 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1969 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1968 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1967 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1966 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c16c3ef-6503-431e-88aa-c772e52a5c94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEkAQQBNAFEAQQA1AEEAQwA0AEEATwBBAEEAMABBAEMAMABBAE0AUQBBAHoAQQBEAEEAQQBNAEEAQQB3AEEARABBAEEATgBnAEEAMABBAEQAWQBBAE4AUQBBADEAQQBEAGcAQQBNAHcAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1965 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc4ce9ef-d003-407f-81a1-e9da11f9a72d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1964 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12dc3d0e-322c-470b-bd3b-30bb24a776b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1963 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1962 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1961 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1960 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1959 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1958 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1957 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1956 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=267ab9bd-33c9-498f-be2f-a649510dd3c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1955 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc4ce9ef-d003-407f-81a1-e9da11f9a72d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1954 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1953 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1952 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1951 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1950 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1949 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19de0af6-5d39-4711-95ef-19daddc07a81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1948 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b2a367a1-7689-431d-b758-cf0248d13b74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1947 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=18598f06-0229-4d51-999d-31286da526fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1946 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=18598f06-0229-4d51-999d-31286da526fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1945 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1944 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1943 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1942 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1941 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1940 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f5508334-74dc-4a9a-9f5b-d02a9c0884d4
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1939 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba2d9781-bc9f-4c9c-b1b6-de3dd599fc1f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1938 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba2d9781-bc9f-4c9c-b1b6-de3dd599fc1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1937 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1936 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1935 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1934 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1933 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1932 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1931 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1930 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ca2abcb-5329-49d3-90f8-21bf28718a41
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1929 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b2a367a1-7689-431d-b758-cf0248d13b74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1928 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1927 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1926 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1925 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1924 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1923 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5625b917-07fd-49a3-8482-a782b8ab0a19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1922 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a0bca8ff-e726-4da4-ae3f-c65c2b19ffd3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1921 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7a46f0e1-3364-4263-a4c3-a78f1774f127
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1920 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7a46f0e1-3364-4263-a4c3-a78f1774f127
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1919 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1918 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1917 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1916 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1915 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1914 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=98a34255-c65c-4051-945f-1e97399ef207
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1913 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8b5cd47b-804c-4720-a102-18f4c1761438
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1912 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8b5cd47b-804c-4720-a102-18f4c1761438
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1911 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1910 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1909 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1908 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1907 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1906 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1905 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1904 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7259a505-0212-40fe-b4c5-487fc90af9cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1903 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a0bca8ff-e726-4da4-ae3f-c65c2b19ffd3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1902 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1901 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1900 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1899 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1898 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1897 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2aaf529-e2f5-46ed-971a-16877e9b1fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1896 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2065ebf5-cf08-406f-a83a-0837d46bd2a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1895 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=1497831d-41cc-42b6-886c-9be0df7b29be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1894 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=1497831d-41cc-42b6-886c-9be0df7b29be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1893 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1892 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1891 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1890 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1889 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1888 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cb969131-6c70-44c7-b8fd-2d0199a78580
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1887 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a39d5af7-3ee8-47ee-8ac3-bd39fa0d75b1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1886 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a39d5af7-3ee8-47ee-8ac3-bd39fa0d75b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1885 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1884 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1883 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1882 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1881 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1880 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1879 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1878 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1e772cfc-41b2-4a83-a91e-7233197c6be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1877 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2065ebf5-cf08-406f-a83a-0837d46bd2a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1876 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1875 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1874 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1873 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1872 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1871 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3f6816f1-c107-4bf4-8539-7940a65f4dba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1870 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1515c4e3-e177-421a-8435-6c905970c1e9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1869 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=cbcdbf80-242d-4297-a54d-1ec75880471c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1868 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=cbcdbf80-242d-4297-a54d-1ec75880471c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1867 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1866 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1865 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1864 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1863 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1862 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7b34775e-07fe-4251-bba9-7a13bac8773d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1861 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d7f4c166-bbb0-4eb2-9db1-aa0b20a87c6f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1860 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d7f4c166-bbb0-4eb2-9db1-aa0b20a87c6f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1859 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1858 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1857 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1856 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1855 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1854 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1853 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1852 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c3ed0320-a159-4c60-ab71-a9e5f937fcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1851 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1515c4e3-e177-421a-8435-6c905970c1e9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1850 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1849 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1848 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1847 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1846 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1845 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3519026-69a8-472a-9d6c-6e2c81eb1a66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1844 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c21b5dc-9a00-4348-87e7-a61b7347031b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1843 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=052d0c8a-491d-4604-8739-92147ec742ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1842 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=052d0c8a-491d-4604-8739-92147ec742ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1841 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1840 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1839 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1838 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1837 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1836 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf06d8ba-7e0d-476e-881d-bccce923ee75
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1835 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c3aca144-4371-42be-8afa-2c6ba3c9be6b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1834 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c3aca144-4371-42be-8afa-2c6ba3c9be6b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1833 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1832 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1831 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1830 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1829 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1828 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1827 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1826 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5751547f-6e73-438f-8fb2-8575fb0a129f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1825 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c21b5dc-9a00-4348-87e7-a61b7347031b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1824 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1823 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1822 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1821 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1820 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1819 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb1c56d8-f35a-4448-a453-8b3fadbece30
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1818 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f541bd80-d11e-4835-9902-2d706c4e2551
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1817 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3eaed198-c828-4b34-be69-c62de92b0329
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1816 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3eaed198-c828-4b34-be69-c62de92b0329
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1815 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1814 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1813 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1812 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1811 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1810 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=afcce337-b2d9-48f8-9cee-54bd2e7f3938
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1809 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f541bd80-d11e-4835-9902-2d706c4e2551
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1808 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1807 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1806 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1805 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1804 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1803 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eebff3c-9c01-4e81-8d37-412c0c60e6da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAHcAQQB4AEEARABjAEEATQB3AEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBOAGcAQQAwAEEARABJAEEATgB3AEEAMgBBAEQAUQBBAE8AQQBBAHoAQQBEAGsAQQBOAHcAQQAyAEEARABjAEEATwBBAEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1802 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=096c3652-c8b9-4a4d-99ff-ea90ff112248
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1801 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=51c56e7b-e90c-47fd-bcb1-fb4e98117f55
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1800 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1799 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1798 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1797 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1796 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1795 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1794 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1793 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0572f2e-61e0-49d0-8e72-5bd06051276d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1792 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=096c3652-c8b9-4a4d-99ff-ea90ff112248
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1791 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1790 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1789 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1788 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1787 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1786 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37193e63-96af-4bde-bb21-09cc50f74363
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1785 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8e4f12bc-9860-4938-80e8-d6a338511ad1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1784 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8e4f12bc-9860-4938-80e8-d6a338511ad1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1783 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1782 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1781 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1780 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1779 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1778 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d7b4f93-575e-4b1f-a9a3-9843ce285f95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANwAxADcAMwAuADIANgAtADEANgA0ADIANwA2ADQAOAAzADkANwA2ADcAOAA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1777 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5671f116-5ba1-4e32-a480-da8524ae6ee2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1776 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=26f6c6be-f777-4d21-84e7-6a1fb7cad615
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1775 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=26f6c6be-f777-4d21-84e7-6a1fb7cad615
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1774 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1773 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1772 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1771 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1770 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1769 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bab19af4-19de-4394-8a07-55219e82223d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA3ADEANwAzAC4AMgA2AC0AMQA2ADQAMgA3ADYANAA4ADMAOQA3ADYANwA4ADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1768 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5671f116-5ba1-4e32-a480-da8524ae6ee2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1767 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1766 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1765 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1764 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1763 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1762 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=590996cc-9a81-4f2b-9d02-e5046a1fbf08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADMAQQBEAEUAQQBOAHcAQQB6AEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBADIAQQBEAFEAQQBNAGcAQQAzAEEARABZAEEATgBBAEEANABBAEQATQBBAE8AUQBBADMAQQBEAFkAQQBOAHcAQQA0AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1761 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=abb0a891-b89f-4a4d-88f2-05e0a7dea6b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1760 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d767b8c7-6678-4002-86c3-e2908b8aba57
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1759 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1758 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1757 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1756 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1755 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1754 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1753 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1752 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9dd28c51-a0ab-4663-a2c8-f026fac5fc20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1751 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=abb0a891-b89f-4a4d-88f2-05e0a7dea6b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1750 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1749 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1748 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1747 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1746 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1745 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=13f92bd6-37bc-45fa-8474-b57d12f84d9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1744 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3287f3a5-1885-4ea0-b698-594f27fe6c8c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1743 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=13555ad5-85ab-4061-a970-1b3975d6ca0c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1742 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:46:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=13555ad5-85ab-4061-a970-1b3975d6ca0c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1741 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1740 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1739 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1738 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1737 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1736 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94834505-cf99-4b11-9ac8-b78186f8b82d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAOQA2ADcANwA2AGUANwA0AGMAZgAyAGEANABmAGQAMgA4AGIANABmADAAOQAxAGEAZAAzADAAMAAxADQAMgAzACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAG8AdgBhACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdQB0AHIAbwBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIABvAHAAZQBuAHMAdABhAGMAawAvAGMAaQBuAGQAZQByACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1735 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e1ac252-e3df-4f76-b503-e3c77b87d8c3
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1734 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e1ac252-e3df-4f76-b503-e3c77b87d8c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1733 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1732 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1731 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1730 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1729 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1728 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1727 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1726 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e074f474-ff4f-4316-8381-643f0d1afaee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1725 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3287f3a5-1885-4ea0-b698-594f27fe6c8c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1724 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1723 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1722 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1721 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1720 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1719 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ec70921-9d17-4400-ae6f-7c2e3302ddc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1718 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=bd15048a-55d1-48cd-a88f-9aebdc4653d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1717 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ec9da431-b18b-4fbe-a893-626a198eb4e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1716 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ec9da431-b18b-4fbe-a893-626a198eb4e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1715 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1714 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1713 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1712 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1711 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1710 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c9cbea2-ada0-4659-9270-db8c4f79d493
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1709 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=bd15048a-55d1-48cd-a88f-9aebdc4653d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1708 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1707 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1706 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1705 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1704 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1703 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d73649c5-c447-4472-aa59-03fb21b54766
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAxAEEARABnAEEATQBRAEEAdQBBAEQAawBBAE0AdwBBAHQAQQBEAGsAQQBOAFEAQQB4AEEARABNAEEATQBBAEEAMABBAEQASQBBAE0AUQBBAHcAQQBEAEEAQQBNAGcAQQAzAEEARABrAEEATgBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1702 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5cdae10-74c8-4add-b892-4664ef921928
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1701 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4925d9d9-df3b-4161-a99f-caf7abcc8326
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1700 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1699 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1698 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1697 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1696 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1695 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1694 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1693 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1c796e73-4a06-45e6-a998-c9fa0ba5e0d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1692 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5cdae10-74c8-4add-b892-4664ef921928
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1691 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1690 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1689 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1688 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1687 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1686 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2f5ee25-eb39-4099-984e-e48428e85366
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1685 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=5c207bcf-a348-4d1f-93f3-15c1180bdd91
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1684 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=5c207bcf-a348-4d1f-93f3-15c1180bdd91
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1683 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1682 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1681 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1680 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1679 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1678 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a2ed97d-fcbb-4bf4-810f-c2ef11f5d6c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA1ADgAMQAuADkAMwAtADkANQAxADMAMAA0ADIAMQAwADAAMgA3ADkANQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1677 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=41c28a5e-ca24-49f2-9891-97daebb40198
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1676 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c84af06-136a-44ea-be3d-00f22422716b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1675 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c84af06-136a-44ea-be3d-00f22422716b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1674 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1673 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1672 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1671 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1670 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1669 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9ddcdb36-a3f9-4712-b171-fc9e7b4fc369
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADUAOAAxAC4AOQAzAC0AOQA1ADEAMwAwADQAMgAxADAAMAAyADcAOQA1ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1668 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=41c28a5e-ca24-49f2-9891-97daebb40198
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1667 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1666 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1665 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1664 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1663 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1662 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c97386-d52b-4756-9908-ea6f33d6b36a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFUAQQBPAEEAQQB4AEEAQwA0AEEATwBRAEEAegBBAEMAMABBAE8AUQBBADEAQQBEAEUAQQBNAHcAQQB3AEEARABRAEEATQBnAEEAeABBAEQAQQBBAE0AQQBBAHkAQQBEAGMAQQBPAFEAQQAxAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1661 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4067c71a-e0d0-4c76-9889-6d395944ea33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1660 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=57702eb4-5762-4838-87d7-f0feb6f63656
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1659 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1658 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1657 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1656 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1655 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1654 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1653 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1652 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b672813-d15f-456c-8900-74d10e89392a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1651 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4067c71a-e0d0-4c76-9889-6d395944ea33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1650 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1649 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1648 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1647 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1646 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1645 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9721d02a-a15a-4398-9eed-14eab99b6793
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1644 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f2d287f2-76f0-4ae8-bb47-3d198d5814dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1643 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=16e8e679-a2ae-4142-951f-a596915d5c83
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1642 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1641 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1640 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1639 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1638 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1637 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1636 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1635 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a63ea7ea-5712-4882-87e2-bc2cb3db71f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1634 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f2d287f2-76f0-4ae8-bb47-3d198d5814dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1633 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1632 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1631 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1630 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1629 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1628 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08473bed-c3e0-435a-9f77-8c90d91e98e4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1627 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8423a6c6-05ac-4409-a88c-ed28196be898
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1626 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:36:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fd91c27b-5b08-4da5-81e8-46ce05edcdb4
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1625 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fd91c27b-5b08-4da5-81e8-46ce05edcdb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1624 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1623 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1622 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1621 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1620 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1619 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1618 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1617 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a9d9c0ed-7c75-44b0-9e81-d707d2d18a70
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1616 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8423a6c6-05ac-4409-a88c-ed28196be898
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1615 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1614 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1613 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1612 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1611 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1610 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4f8055c-378e-4348-8611-8754d1fbaffd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1609 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce5f6605-ea72-4bca-a082-4aa7ed313238
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1608 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dde4b936-1c74-4e3c-8405-5f259264076d
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1607 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dde4b936-1c74-4e3c-8405-5f259264076d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1606 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1605 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1604 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1603 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1602 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1601 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1600 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1599 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=773895b4-9575-4f66-b23a-ebe239fbe420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1598 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce5f6605-ea72-4bca-a082-4aa7ed313238
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1597 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1596 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1595 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1594 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1593 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1592 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7c0aa45b-b199-43bf-877d-9b421bd5fb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1591 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b9e4fdbc-0a20-4428-a3ad-5960083c8b79
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1590 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e7b7994c-c159-420f-846c-6844042373c1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1589 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1588 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1587 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1586 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1585 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1584 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1583 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1582 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47f798aa-527b-4f92-8534-7c746a1f2ad0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1581 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b9e4fdbc-0a20-4428-a3ad-5960083c8b79
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1580 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1579 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1578 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1577 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1576 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1575 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91061926-bfef-4286-8b57-e4d9b07185b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1574 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7ff3d9d5-93bc-41e4-a7c4-9c89ce6224ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1573 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=2af283ab-3339-4c1a-b4dc-fd351b4acd92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1572 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=2af283ab-3339-4c1a-b4dc-fd351b4acd92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1571 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1570 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1569 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1568 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1567 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1566 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f32e105-17ea-475f-8f3b-15c96e4fc087
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1565 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=49972722-1546-43b2-9e5b-bcb5374dd2a1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1564 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=49972722-1546-43b2-9e5b-bcb5374dd2a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1563 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1562 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1561 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1560 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1559 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1558 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1557 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1556 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=286abe7b-f3bc-4359-9c10-8a654fef677e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1555 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7ff3d9d5-93bc-41e4-a7c4-9c89ce6224ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1554 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1553 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1552 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1551 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1550 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1549 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66c05ac5-5bf5-4efa-b244-687544c2b2d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1548 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4f2db75-e6ef-4f96-8f7e-0459bae1d17e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1547 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=a9266631-2141-4cbe-abf7-7672a78b5ed5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1546 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=a9266631-2141-4cbe-abf7-7672a78b5ed5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1545 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1544 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1543 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1542 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1541 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1540 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bae5bc5-a818-49fe-8be3-70d25a0007e5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1539 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=495dd1bd-a8d3-45cc-9421-40e2cdb63979
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1538 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=495dd1bd-a8d3-45cc-9421-40e2cdb63979
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1537 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1536 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1535 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1534 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1533 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1532 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1531 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1530 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25516175-c703-4db8-aee7-9f7e486f7199
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1529 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4f2db75-e6ef-4f96-8f7e-0459bae1d17e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1528 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1527 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1526 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1525 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1524 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1523 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a21a39-6bdc-4a02-981b-0ef95eb58a97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1522 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec186aad-240c-43fe-93e2-e842fbfe77e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1521 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a8c1df5-ff47-4189-a0f8-3aedee62885c
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1520 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a8c1df5-ff47-4189-a0f8-3aedee62885c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1519 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1518 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1517 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1516 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1515 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1514 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1513 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1512 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff28bfe6-e3ee-4c6c-a466-46562bfd938d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1511 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec186aad-240c-43fe-93e2-e842fbfe77e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1510 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1509 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1508 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1507 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1506 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1505 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=808e99a0-8277-4288-906b-3e0323ed9c2d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1504 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f6b05c2-0857-493f-9471-65bd33b991c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1503 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9aea3aac-a5f3-473f-ba9f-ea2781462722
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1502 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9aea3aac-a5f3-473f-ba9f-ea2781462722
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1501 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1500 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1499 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1498 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1497 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1496 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1495 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1494 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b437c79c-0e6e-4d56-959e-119303b38704
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1493 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f6b05c2-0857-493f-9471-65bd33b991c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1492 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1491 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1490 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1489 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1488 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1487 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03d68cb4-fe74-4fde-bd0b-a30aede85180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1486 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6121ed57-054a-42e4-8f03-fc4c75b9c854
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1485 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5639539-db03-48b4-9d90-98136f54104d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1484 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1483 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1482 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1481 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1480 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1479 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1478 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1477 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e643a9f7-b8b2-4c55-8076-f7255a6b29cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1476 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6121ed57-054a-42e4-8f03-fc4c75b9c854
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1475 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1474 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1473 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1472 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1471 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1470 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79f29da4-e43f-4010-8b41-6577fd6b16f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1469 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=24d5bdbe-174f-4e36-bf44-00f1ba0e108e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1468 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=32bef5bb-951f-4fc6-87ff-982126c6a28a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1467 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=32bef5bb-951f-4fc6-87ff-982126c6a28a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1466 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1465 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1464 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1463 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1462 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1461 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f55e8fa2-5ebd-41ec-8837-18ece27fefe6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1460 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=15f8fb6e-aa5d-4e46-a4a4-91cb805bb25e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1459 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=15f8fb6e-aa5d-4e46-a4a4-91cb805bb25e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1458 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1457 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1456 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1455 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1454 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1453 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1452 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1451 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=803b80a2-11a3-47b7-8840-7326307b78da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1450 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=24d5bdbe-174f-4e36-bf44-00f1ba0e108e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1449 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1448 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1447 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1446 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1445 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1444 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9609bf91-17c2-45dc-8e3a-413b36ec064a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1443 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61a0ad53-c469-40fa-9609-ce3159a07a56
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1442 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=103b6cfb-ffb6-45d4-81a2-ecfc44be0695
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1441 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=103b6cfb-ffb6-45d4-81a2-ecfc44be0695
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1440 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1439 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1438 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1437 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1436 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1435 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1434 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1433 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e90e7e38-695c-440f-b770-ab08e8d1eedd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1432 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61a0ad53-c469-40fa-9609-ce3159a07a56
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1431 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1430 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1429 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1428 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1427 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1426 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00b6a9e6-18d2-4585-8aa9-fa0a4177218b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1425 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43af4da5-e372-4772-9760-7711362f8f07
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1424 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b07cb925-8a8b-41a6-a865-be4e2809a2bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1423 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1422 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1421 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1420 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1419 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1418 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1417 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1416 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b49487b7-5793-4acc-9132-0877e6c28c46
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1415 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43af4da5-e372-4772-9760-7711362f8f07
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1414 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1413 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1412 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1411 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1410 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1409 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99fecf8c-bda1-4902-a738-3aafe01cfe80
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1408 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9bbe275-3059-46ba-8e68-5c0db5ae4b51
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1407 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=4d469c25-0aff-48a6-b94f-fd25817001a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1406 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=4d469c25-0aff-48a6-b94f-fd25817001a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1405 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1404 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1403 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1402 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1401 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1400 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb3372a0-0cf5-46aa-9efc-fc9e0d4cb1e6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1399 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3b0bd04-3b1a-4947-bb68-2ed2bd7d8f29
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1398 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f3b0bd04-3b1a-4947-bb68-2ed2bd7d8f29
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1397 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1396 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1395 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1394 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1393 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1392 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1391 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1390 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab108d24-3420-4601-9bef-671a13fb9465
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1389 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9bbe275-3059-46ba-8e68-5c0db5ae4b51
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1388 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1387 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1386 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1385 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1384 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1383 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28d72166-152a-42d2-8271-9671603d9b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1382 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc40c7f7-1813-4c35-a724-a149e215b4b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1381 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da64bb73-852d-479c-a0ab-4f71e75ed242
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1380 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1379 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1378 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1377 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1376 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1375 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1374 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1373 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c919b172-ee7e-466c-8210-427aad4be50a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1372 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc40c7f7-1813-4c35-a724-a149e215b4b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1371 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1370 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1369 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1368 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1367 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1366 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=401491bd-705d-4d6b-a61c-127a55356614
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1365 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a5537ccd-af76-4a61-991c-70a6d9d13f74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1364 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=df5be3d0-998a-4f1c-afd3-6e3a60ba578e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1363 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=df5be3d0-998a-4f1c-afd3-6e3a60ba578e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1362 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1361 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1360 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1359 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1358 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1357 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=592c4558-fbd6-40fb-8e23-6b3ff7515fca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1356 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=408e9c45-cb38-432a-a3fd-2dc9c886467e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1355 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=408e9c45-cb38-432a-a3fd-2dc9c886467e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1354 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1353 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1352 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1351 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1350 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1349 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1348 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1347 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e0091a73-40d0-484a-9f19-771af40791d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1346 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a5537ccd-af76-4a61-991c-70a6d9d13f74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1345 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1344 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1343 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1342 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1341 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1340 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95cc4869-0a8e-4687-930c-87e619e67fa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1339 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8badb4a1-0b77-4edb-b0a9-de395133f65b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1338 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bad09813-fae9-4ddc-af9a-d032724d7392
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1337 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bad09813-fae9-4ddc-af9a-d032724d7392
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1336 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1335 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1334 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1333 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1332 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1331 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1330 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1329 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3c58a886-646c-46a7-8564-4500770738e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1328 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8badb4a1-0b77-4edb-b0a9-de395133f65b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1327 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1326 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1325 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1324 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1323 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1322 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c24ab73-9610-4d6a-9e9a-815bcf2621bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1321 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4ea7cd44-2114-4b76-b3bf-b136a329738b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1320 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=66178700-26fc-48de-822c-05023e87fce5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1319 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1318 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1317 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1316 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1315 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1314 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1313 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1312 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b3fcccfb-f773-4e3a-a00e-6041f2e8efe7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1311 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:35:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4ea7cd44-2114-4b76-b3bf-b136a329738b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1310 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1309 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1308 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1307 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1306 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1305 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b1fb170-8f80-47df-8dd5-89fd3816f44b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1304 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b9720a7f-1b31-4934-a052-3be16b065d69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1303 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=656727ea-38cb-4e31-8fb1-952cd76eb7b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1302 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=656727ea-38cb-4e31-8fb1-952cd76eb7b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1301 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1300 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1299 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1298 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1297 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1296 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9aa0c069-d53d-447e-b71a-b5c792b98fe6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1295 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b9720a7f-1b31-4934-a052-3be16b065d69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1294 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1293 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1292 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1291 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1290 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1289 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4589164-5153-415e-8187-9ed072d26ce7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABrAEEATgBnAEEAdQBBAEQATQBBAE4AUQBBAHQAQQBEAEkAQQBOAHcAQQAwAEEARABrAEEATgBnAEEAMABBAEQASQBBAE4AUQBBADAAQQBEAGsAQQBNAHcAQQB3AEEARABNAEEATgBBAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1288 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ccd7059b-0b04-4d7c-97b0-db84d3e9a7fe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1287 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a3c4d58d-1076-4c5f-bfec-08d575940784
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1286 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1285 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1284 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1283 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1282 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1281 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1280 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1279 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0e1cd95f-1e19-4e36-9efc-45c199579560
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1278 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ccd7059b-0b04-4d7c-97b0-db84d3e9a7fe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1277 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1276 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1275 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1274 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1273 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1272 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24383ff5-07d3-4f45-8104-8bf4edfebf20
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1271 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bef86c40-421a-4424-8231-d6e95785e78b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1270 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=bef86c40-421a-4424-8231-d6e95785e78b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1269 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1268 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1267 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1266 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1265 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1264 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f1186c1-04d2-4645-b986-4e7257379c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADkANgAuADMANQAtADIANwA0ADkANgA0ADIANQA0ADkAMwAwADMANAAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1263 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9481b7a2-cc32-446e-bc27-e3570fb5548e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1262 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=45fe7de4-9f10-40f4-bf79-635019d40dec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1261 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=45fe7de4-9f10-40f4-bf79-635019d40dec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1260 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1259 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1258 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1257 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1256 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1255 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb2b4ef2-fa42-4836-bcbf-d2bc66a53023
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOQA2AC4AMwA1AC0AMgA3ADQAOQA2ADQAMgA1ADQAOQAzADAAMwA0ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1254 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9481b7a2-cc32-446e-bc27-e3570fb5548e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1253 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1252 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1251 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1250 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1249 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1248 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a0c6f67-f2ea-4597-a596-6f1621f25575
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAFEAQQAyAEEAQwA0AEEATQB3AEEAMQBBAEMAMABBAE0AZwBBADMAQQBEAFEAQQBPAFEAQQAyAEEARABRAEEATQBnAEEAMQBBAEQAUQBBAE8AUQBBAHoAQQBEAEEAQQBNAHcAQQAwAEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1247 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=565f978a-582d-4da4-82f0-351643afad31
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1246 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4fb17d18-7faf-4561-924f-42341d716706
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1245 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1244 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1243 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1242 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1241 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1240 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1239 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1238 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06164d28-8170-499a-a269-b44fb18a7cda
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1237 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=565f978a-582d-4da4-82f0-351643afad31
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1236 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1235 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1234 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1233 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1232 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1231 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=85982346-f2c1-42c7-9161-ab927d8b9a2f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1230 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1cf69129-a3ff-4297-b19b-3441c68a57d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1229 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=977e171c-5dc5-4463-91de-1acc841c1f9b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1228 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=977e171c-5dc5-4463-91de-1acc841c1f9b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1227 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1226 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1225 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1224 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1223 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1222 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a5c7175-b230-45b9-89ea-79b3bf58ff20
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1221 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=82e51625-1931-47da-afd6-80533f975af7
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1220 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=82e51625-1931-47da-afd6-80533f975af7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1219 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1218 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1217 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1216 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1215 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1214 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1213 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1212 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b44215f-4021-49ed-88fe-7bf526d48cee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1211 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1cf69129-a3ff-4297-b19b-3441c68a57d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1210 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1209 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1208 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1207 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1206 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1205 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cce47a87-2ea1-40eb-87ed-6c052e9bcb08
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1204 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1cb6b491-9c5f-4370-afca-f68557fc723b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1203 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=004ddb5c-d1f7-44de-a901-1228c3355407
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1202 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=004ddb5c-d1f7-44de-a901-1228c3355407
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1201 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1200 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1199 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1198 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1197 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1196 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76a693b1-40f8-47fb-bff3-569385c9a21f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1195 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1cb6b491-9c5f-4370-afca-f68557fc723b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1194 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1193 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1192 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1191 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1190 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1189 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4a07cd4-b08b-4b9b-b278-c734393f134e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABnAEEATQBBAEEAdQBBAEQATQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQB5AEEARABnAEEATgB3AEEAMABBAEQAZwBBAE8AQQBBAHgAQQBEAEkAQQBNAGcAQQAxAEEARABjAEEATQB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1188 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d88d5575-706a-482d-bac0-309ebedd926c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1187 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=461c44f8-49a6-4a07-be4d-b0f2e94226ef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1186 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1185 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1184 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1183 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1182 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1181 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1180 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1179 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01495a51-be31-4dd2-8300-54b818e43d59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1178 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d88d5575-706a-482d-bac0-309ebedd926c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1177 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1176 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1175 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1174 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1173 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1172 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1b18bfb-642a-4aed-9a47-7f64b37aa75f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1171 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c1c2f5dd-ebaf-45bb-9291-c433fdebdf64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1170 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c1c2f5dd-ebaf-45bb-9291-c433fdebdf64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1169 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1168 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1167 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1166 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1165 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1164 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9dc292fe-3cfc-43ac-b632-055eb6a8d977
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADgAMAAuADMAMQAtADIANgAyADgANwA0ADgAOAAxADIAMgA1ADcAMwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1163 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=d6fbdb4e-b0e9-4b48-b37c-b802cc011fce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1162 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e99fcc08-5f25-4af5-b5ef-7eb38c56a4f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1161 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e99fcc08-5f25-4af5-b5ef-7eb38c56a4f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1160 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1159 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1158 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1157 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1156 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1155 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47ed0d55-3ea6-457b-ba86-6e9450b14b44
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAOAAwAC4AMwAxAC0AMgA2ADIAOAA3ADQAOAA4ADEAMgAyADUANwAzADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1154 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=d6fbdb4e-b0e9-4b48-b37c-b802cc011fce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1153 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1152 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1151 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1150 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1149 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1148 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e5b13fd7-25ef-4ac9-b78f-c9e64782ea8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBPAEEAQQB3AEEAQwA0AEEATQB3AEEAeABBAEMAMABBAE0AZwBBADIAQQBEAEkAQQBPAEEAQQAzAEEARABRAEEATwBBAEEANABBAEQARQBBAE0AZwBBAHkAQQBEAFUAQQBOAHcAQQB6AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1147 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c93e27f-e658-41eb-bf0b-c3220912e663
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1146 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ef0b5b9-40c1-4218-b95c-5eb256e8324b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1145 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1144 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1143 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1142 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1141 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1140 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1139 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1138 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1d7ce1d-5147-4a10-95e6-d5350ebb28a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1137 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c93e27f-e658-41eb-bf0b-c3220912e663
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1136 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1135 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1134 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1133 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1132 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1131 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc84b2a4-2871-44c2-9e21-0ea7c92ee090
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1130 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e90b983c-9988-4a4a-9dc4-2c8f0ac2373d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1129 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ca9a043-f08b-45a4-8002-bc814523ef6e
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1128 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ca9a043-f08b-45a4-8002-bc814523ef6e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1127 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1126 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1125 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1124 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1123 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1122 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1121 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1120 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5a33709c-29b7-4ed8-b306-4663ac5767bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1119 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e90b983c-9988-4a4a-9dc4-2c8f0ac2373d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1118 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1117 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1116 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1115 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1114 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1113 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd73b11c-053a-4d54-b386-f29521a508d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1112 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8122ba14-38c3-471e-8255-edc86bc184f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1111 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f6ecb23-067f-440f-8c87-2723ca668ac2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1110 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1109 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1108 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1107 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1106 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1105 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1104 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1103 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ce9baab5-f806-4519-b176-ae63d22b5356
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1102 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8122ba14-38c3-471e-8255-edc86bc184f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1101 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1100 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1099 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1098 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1097 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1096 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e49de25-787c-4c86-bdb9-1ec2e03cef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1095 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d4d7d90-4184-4d31-99b3-217a21d13fa9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1094 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9cab152b-80d5-4832-bfd0-4e07c2f6cb1f
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1093 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9cab152b-80d5-4832-bfd0-4e07c2f6cb1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1092 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1091 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1090 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1089 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1088 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1087 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1086 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1085 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e7d4178-4aea-45d7-85dd-f99daccf4274
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1084 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d4d7d90-4184-4d31-99b3-217a21d13fa9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1083 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1082 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1081 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1080 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1079 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1078 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b179093-380b-4599-ad0b-1c92a1df3735
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1077 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c3231d98-5681-4416-a93a-02b6ec2d2efb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1076 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9297010d-a07e-4052-ae3a-26a31dcdea96
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1075 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9297010d-a07e-4052-ae3a-26a31dcdea96
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1074 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1073 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1072 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1071 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1070 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1069 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1068 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1067 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5861902-ceb0-45cf-bbf6-e11a6bc821b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1066 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c3231d98-5681-4416-a93a-02b6ec2d2efb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1065 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1064 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1063 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1062 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1061 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1060 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4acf7e8-9e95-4337-91f0-ee18053ac44c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1059 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0dfc258-67c6-4c23-87f5-539130406b44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1058 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a043d1f-0890-4e9d-bc78-85787ace34d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1057 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1056 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1055 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1054 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1053 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1052 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1051 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1050 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df412ca6-74e5-4e02-843c-2ea6ddf3cf90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1049 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0dfc258-67c6-4c23-87f5-539130406b44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1048 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1047 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1046 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1045 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1044 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1043 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4da6a22-59be-446e-84c5-7e34ec7a65b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1042 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6cf92b93-a33b-4231-9396-67a5e9e3cbda
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1041 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0565b5d8-9619-428c-97ac-c935e4b3c21f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1040 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1039 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1038 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1037 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1036 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1035 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1034 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1033 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e14b22ae-4cbc-4020-b6b6-f2c840aeda63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1032 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6cf92b93-a33b-4231-9396-67a5e9e3cbda
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1031 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1030 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1029 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1028 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1027 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1026 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36496962-865f-4903-8bb0-7888c76f3a1d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1025 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=57c9a635-e8e9-4cfe-a464-38348ca44f67
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1024 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50d524d0-7765-42e2-b1f9-8aad5f846f42
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1023 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50d524d0-7765-42e2-b1f9-8aad5f846f42
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1022 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1021 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1020 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1019 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1018 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1017 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1016 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1015 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41573ef6-fada-4faa-9a15-284f8cb8e2eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1014 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=57c9a635-e8e9-4cfe-a464-38348ca44f67
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1013 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1012 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1011 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1010 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1009 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1008 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bcde38fd-d122-4e60-a680-ea1a962e86a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1007 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=108dbbfe-4b66-4466-8d1b-0a26ec504c16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1006 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9ebd64bf-b3bb-40f3-b90b-039336a23e10
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1005 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9ebd64bf-b3bb-40f3-b90b-039336a23e10
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1004 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1003 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1002 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1001 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1000 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 999 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 998 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 997 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=725a4ef6-b6fc-4e80-9bd2-ae7a7f3537ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 996 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=108dbbfe-4b66-4466-8d1b-0a26ec504c16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 995 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 994 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 993 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 992 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 991 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 990 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ec85604-4494-4c29-a71d-e95a8aaa9a4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 989 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c4bf2d58-7ba3-423b-9397-c468a3d90482
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 988 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=48254c13-8f8b-4588-881a-3727f0d9ef50
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 987 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 986 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 985 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 984 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 983 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 982 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 981 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 980 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5196e3d6-6466-4f53-b14c-2493a173387d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 979 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c4bf2d58-7ba3-423b-9397-c468a3d90482
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 978 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 977 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 976 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 975 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 974 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 973 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc051eb7-282e-4d10-a72d-222b21fc161d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 972 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:34:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c60fc9a-c219-4926-9924-72829b544fa2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 971 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=26c52ff8-5621-48c1-a5df-f2d4540c8ebf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 970 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=26c52ff8-5621-48c1-a5df-f2d4540c8ebf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 969 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 968 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 967 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 966 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 965 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 964 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=539cc733-851c-4a5e-addd-20db1ba97b70
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 963 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c60fc9a-c219-4926-9924-72829b544fa2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 962 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 961 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 960 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 959 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 958 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 957 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d185af8-2417-4de7-bd13-4f7f6cbf833e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgBBAEEAdQBBAEQAVQBBAE4AdwBBAHQAQQBEAFUAQQBOAFEAQQAyAEEARABjAEEATgBBAEEAMwBBAEQASQBBAE4AZwBBAHcAQQBEAFUAQQBNAEEAQQAxAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 956 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6c41ede5-61d3-4820-8573-bc17a795f39c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 955 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2fd97edb-f8b4-4352-8cef-0f0cb58cd2f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 954 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 953 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 952 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 951 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 950 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 949 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 948 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 947 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1967dbb5-cae5-4077-ab1d-c4418bd25033
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 946 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6c41ede5-61d3-4820-8573-bc17a795f39c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 945 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 944 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 943 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 942 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 941 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 940 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c7c223d-d5d5-4165-8c04-4e9c13b17efa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 939 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=d3fd33c4-2418-4963-9ae6-6d1515b9904b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 938 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=d3fd33c4-2418-4963-9ae6-6d1515b9904b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 937 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 936 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 935 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 934 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 933 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 932 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f7c381d-7aeb-467c-889a-f72c3a5e96d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADMANAAuADUANwAtADUANQA2ADcANAA3ADIANgAwADUAMAA1ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 931 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bdb7e987-a14a-42f7-ae9e-77193e81dbf3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 930 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bed1f3bf-5b90-4e12-9058-0cc6d48186e4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 929 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 928 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 927 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 926 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 925 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 924 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 923 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 922 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49162af-3afe-4cbd-948b-a649cb842e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 921 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bdb7e987-a14a-42f7-ae9e-77193e81dbf3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 920 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 919 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 918 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 917 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 916 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 915 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8dc2600a-7dc1-4867-a298-58574a84a3e9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 914 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=a2316ff4-b1a6-4af6-aa80-f55fe947a07e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 913 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d01d96d8-45f5-4f35-b3b2-10472c82a5b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 912 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d01d96d8-45f5-4f35-b3b2-10472c82a5b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 911 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 910 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 909 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 908 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 907 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 906 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=594509bd-4b84-4a35-b9d1-57f88d72afa4
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMwA0AC4ANQA3AC0ANQA1ADYANwA0ADcAMgA2ADAANQAwADUAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 905 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=a2316ff4-b1a6-4af6-aa80-f55fe947a07e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 904 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 903 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 902 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 901 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 900 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 899 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a4029746-d344-460b-93ec-b496593e528a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAwAEEAQwA0AEEATgBRAEEAMwBBAEMAMABBAE4AUQBBADEAQQBEAFkAQQBOAHcAQQAwAEEARABjAEEATQBnAEEAMgBBAEQAQQBBAE4AUQBBAHcAQQBEAFUAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 898 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a5c18ce7-2358-476a-944a-809ffa6d9942
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 897 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d4bd93d3-6584-44eb-bbd7-09b0681d1075
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 896 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d4bd93d3-6584-44eb-bbd7-09b0681d1075
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 895 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 894 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 893 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 892 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 891 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 890 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24bac29e-c27e-40da-95e6-70bcec57f87a
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 889 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a5c18ce7-2358-476a-944a-809ffa6d9942
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 888 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 887 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 886 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 885 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 884 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 883 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f70a870-c25b-41ec-8c2b-783d16330dc6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATwBRAEEAdQBBAEQAUQBBAE4AdwBBAHQAQQBEAEUAQQBNAHcAQQAzAEEARABFAEEATQBnAEEAeQBBAEQAUQBBAE4AdwBBADAAQQBEAEEAQQBOAGcAQQAzAEEARABnAEEATgBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 882 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=af32acd7-d50a-4532-a3f8-e71baa88aa61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 881 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=615837bc-c949-430f-b9b3-56ebbf3bac97
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 880 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 879 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 878 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 877 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 876 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 875 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 874 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 873 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dec4e540-1dac-448b-aadd-ec5bdede29b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 872 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=af32acd7-d50a-4532-a3f8-e71baa88aa61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 871 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 870 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 869 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 868 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 867 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 866 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d0d61f2-d220-41a3-8fcc-b0fc7f37b850
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 865 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b718fd71-92a9-4827-948b-ee3755a9f49b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 864 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b718fd71-92a9-4827-948b-ee3755a9f49b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 863 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 862 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 861 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 860 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 859 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 858 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95755010-e141-40d6-a1d9-11d06ac94060
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIAOQAuADQANwAtADEAMwA3ADEAMgAyADQANwA0ADAANgA3ADgANgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 857 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e112a316-be61-405c-aedd-278d6a8e56f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 856 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=993ece90-6128-4a37-8b0d-9419e3b9c761
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 855 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 854 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 853 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 852 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 851 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 850 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 849 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 848 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f8a533cf-0d90-45b7-a786-218fc1be36ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 847 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e112a316-be61-405c-aedd-278d6a8e56f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 846 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 845 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 844 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 843 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 842 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 841 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=845871e2-c94d-4975-bc69-d114d3d8dcd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 840 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4b31a0a6-a964-45ff-9485-f2024d0f635e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 839 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a19ff3a8-6737-4dcd-8046-8314989efc89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 838 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a19ff3a8-6737-4dcd-8046-8314989efc89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 837 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 836 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 835 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 834 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 833 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 832 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892512e-e77a-4a5e-9204-cc0894e6ea4f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA5AC4ANAA3AC0AMQAzADcAMQAyADIANAA3ADQAMAA2ADcAOAA2ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 831 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4b31a0a6-a964-45ff-9485-f2024d0f635e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 830 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 829 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 828 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 827 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 826 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 825 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=29c00431-71d3-4cba-b7a4-96d1da5f7fba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQA1AEEAQwA0AEEATgBBAEEAMwBBAEMAMABBAE0AUQBBAHoAQQBEAGMAQQBNAFEAQQB5AEEARABJAEEATgBBAEEAMwBBAEQAUQBBAE0AQQBBADIAQQBEAGMAQQBPAEEAQQAyAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 824 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3efc03f1-2672-4921-9b38-7a82a4419941
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 823 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ef73f27d-b5a1-40e9-8400-cc07ee543e6e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 822 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ef73f27d-b5a1-40e9-8400-cc07ee543e6e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 821 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 820 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 819 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 818 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 817 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 816 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88ced22c-5701-4249-ae00-2e3c8363014e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 815 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3efc03f1-2672-4921-9b38-7a82a4419941
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 814 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 813 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 812 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 811 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 810 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 809 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ffb9343e-6747-4077-8a8a-9f6dc4948675
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABJAEEATgBBAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEkAQQBOAEEAQQB3AEEARABBAEEATgBnAEEAeABBAEQAawBBAE4AUQBBADEAQQBEAEUAQQBNAFEAQQAwAEEARABnAEEATgB3AEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 808 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=164c35d9-2076-4a8f-93db-610ce6c6a989
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 807 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d4c18a7e-f328-4a18-bc12-1549ff8052da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 806 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 805 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 804 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 803 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 802 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 801 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 800 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 799 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ab148d21-7662-4f29-9c10-1ada20765fd0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 798 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=164c35d9-2076-4a8f-93db-610ce6c6a989
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 797 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 796 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 795 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 794 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 793 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 792 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=97b0abc5-6ad7-4caa-8f3f-6cca433bea64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 791 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7242f3f0-dc85-43ba-9b4c-c696a4c3c6b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 790 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7242f3f0-dc85-43ba-9b4c-c696a4c3c6b3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 789 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 788 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 787 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 786 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 785 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 784 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=adb9af97-09e8-4654-8916-92bf4f72e652
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADIANAAuADMANwAtADIANAAwADAANgAxADkANQA1ADEAMQA0ADgANwAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 783 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=05421812-0570-45e4-a02c-df031cd2795e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 782 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1712a2a7-5c96-4ecf-9358-aa1f9c275f18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 781 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 780 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 779 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 778 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 777 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 776 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 775 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 774 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03bff7da-5b3b-438a-8198-e91f66cf5ac7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 773 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=05421812-0570-45e4-a02c-df031cd2795e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 772 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 771 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 770 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 769 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 768 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 767 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=509b8231-855e-4631-9079-cadcc25ae1d8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 766 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cd78cb49-09de-4638-80e9-70aaaf3dc096
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 765 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e6cd8ca9-5813-4a58-a392-08f95630b78f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 764 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e6cd8ca9-5813-4a58-a392-08f95630b78f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 763 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 762 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 761 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 760 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 759 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 758 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=405b74c9-dce4-4f65-8ff0-6cb260325a8b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMgA0AC4AMwA3AC0AMgA0ADAAMAA2ADEAOQA1ADUAMQAxADQAOAA3ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 757 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cd78cb49-09de-4638-80e9-70aaaf3dc096
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 756 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 755 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 754 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 753 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 752 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 751 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7a76ebf-6df7-411c-9ae4-014907481b0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAGcAQQAwAEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AZwBBADAAQQBEAEEAQQBNAEEAQQAyAEEARABFAEEATwBRAEEAMQBBAEQAVQBBAE0AUQBBAHgAQQBEAFEAQQBPAEEAQQAzAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 750 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b375ded0-9791-4f6b-90af-b56b4df9ee68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 749 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=09650ae1-d752-47cb-a2f5-c664b98fbfd8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 748 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=09650ae1-d752-47cb-a2f5-c664b98fbfd8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 747 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 746 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 745 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 744 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 743 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 742 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df8dbc70-27c2-4968-a47d-80cd95aa7c18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 741 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b375ded0-9791-4f6b-90af-b56b4df9ee68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 740 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 739 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 738 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 737 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 736 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 735 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07c84241-19ed-4de7-9e81-eab30d02214c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATwBRAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAFkAQQBPAFEAQQAwAEEARABjAEEATgBnAEEAeABBAEQAYwBBAE0AUQBBAHkAQQBEAEUAQQBNAEEAQQAwAEEARABjAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 734 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68fbeca4-cd83-4fd0-8e96-2d338ff8f6d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 733 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d4ee641-3368-482f-8b6b-4d2ab96edfed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 732 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 731 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 730 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 729 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 728 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 727 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 726 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 725 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=164dc396-8c49-47ae-877f-def259c7b27b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 724 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68fbeca4-cd83-4fd0-8e96-2d338ff8f6d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 723 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 722 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 721 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 720 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 719 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 718 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=800ac769-c6ae-4ed6-bbeb-6e49d46d1d05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 717 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=de8a3abb-7132-47ad-84c1-6a01fbb90086
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 716 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=de8a3abb-7132-47ad-84c1-6a01fbb90086
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 715 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 714 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 713 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 712 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 711 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 710 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=615b008f-4e5e-4aef-9244-de8f8ef8628f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEAOQAuADQANQAtADYAOQA0ADcANgAxADcAMQAyADEAMAA0ADcAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 709 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bcaf3cc7-afb4-4032-b6d4-339899cc9301
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 708 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c97d206d-9ce5-4fc0-9c8b-92f15e8ec5df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 707 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 706 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 705 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 704 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 703 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 702 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 701 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 700 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe323fda-09ee-4a0e-a442-6fbecd0f4161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 699 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bcaf3cc7-afb4-4032-b6d4-339899cc9301
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 698 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 697 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 696 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 695 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 694 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 693 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bf27bd4-0357-4cc8-a4b3-dca47cd0c65f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 692 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=c6483f61-6920-42be-adf0-c2d3dbfcc990
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 691 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e65121c6-8097-4da4-a1bd-60aa9c7c6d66
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 690 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e65121c6-8097-4da4-a1bd-60aa9c7c6d66
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 689 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 688 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 687 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 686 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 685 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 684 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2d9868f6-0ad6-498e-bb3a-ea1ac8cf1d0d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA5AC4ANAA1AC0ANgA5ADQANwA2ADEANwAxADIAMQAwADQANwA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 683 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=c6483f61-6920-42be-adf0-c2d3dbfcc990
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 682 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 681 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 680 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 679 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 678 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 677 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f91f5eb2-a13b-47f7-9c7a-969ecb0b9d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQA1AEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE4AZwBBADUAQQBEAFEAQQBOAHcAQQAyAEEARABFAEEATgB3AEEAeABBAEQASQBBAE0AUQBBAHcAQQBEAFEAQQBOAHcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 676 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4379e0e0-2ec8-4af2-b2a2-95194395426d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 675 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e5746e66-fba7-4635-9bcf-f90b83ad22c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 674 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e5746e66-fba7-4635-9bcf-f90b83ad22c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 673 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 672 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 671 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 670 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 669 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 668 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7037737-7ba4-478d-8364-bb5c5de219ee
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 667 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4379e0e0-2ec8-4af2-b2a2-95194395426d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 666 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 665 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 664 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 663 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 662 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 661 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9de4abc6-737d-4258-beef-264534a1789c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE0AUQBBADAAQQBEAFUAQQBOAGcAQQAwAEEARABFAEEATgBBAEEAdQBBAEQAUQBBAE4AUQBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABBAEEATgBnAEEANABBAEQAUQBBAE8AQQBBADQAQQBEAGMAQQBNAGcAQQA0AEEARABFAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 660 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e4b5fefd-93f9-4ec7-a2cf-61871b57ba5a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 659 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca4dd800-bea1-4751-b6b4-fb6b979cbcd0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 658 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 657 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 656 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 655 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 654 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 653 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 652 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 651 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=415f2cb9-a92e-4ce7-a9ef-6f9a0fa7c63d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 650 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e4b5fefd-93f9-4ec7-a2cf-61871b57ba5a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 649 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 648 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 647 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 646 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 645 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 644 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ebc22d0-22bd-4eea-941b-6193747e38c5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 643 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c64a4462-00c6-4dd5-a0ac-934c8cce11f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 642 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c64a4462-00c6-4dd5-a0ac-934c8cce11f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 641 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 640 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 639 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 638 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 637 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 636 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7eb892b-c6de-4c33-8c51-4125f160d954
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIAMQA0ADUANgA0ADEANAAuADQANQAtADEAMgA0ADAANgA4ADQAOAA4ADcAMgA4ADEANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 635 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18393a1f-4349-40db-a215-601714384110
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 634 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68208234-7087-4680-8381-3b37796890f2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 633 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 632 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 631 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 630 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 629 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 628 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 627 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 626 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92ee88ea-f5d7-49f6-a27f-6cad9f2f9cc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 625 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18393a1f-4349-40db-a215-601714384110
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 624 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 623 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 622 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 621 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 620 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 619 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88dc02ca-2ce3-49e6-a630-b5403512cb8f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 618 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9d63bc2d-87a4-43b2-a957-7eeac258ebd2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 617 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3469cfdf-0938-4c62-8d64-3dcb478df969
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 616 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3469cfdf-0938-4c62-8d64-3dcb478df969
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 615 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 614 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 613 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 612 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 611 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 610 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82954626-069c-4d08-bf80-d22f8fd401e3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgAxADQANQA2ADQAMQA0AC4ANAA1AC0AMQAyADQAMAA2ADgANAA4ADgANwAyADgAMQA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 609 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9d63bc2d-87a4-43b2-a957-7eeac258ebd2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 608 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 607 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 606 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 605 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 604 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 603 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=36f0abe5-c9b0-4aae-b1be-21ce01dd5db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAeABBAEQAUQBBAE4AUQBBADIAQQBEAFEAQQBNAFEAQQAwAEEAQwA0AEEATgBBAEEAMQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBNAEEAQQAyAEEARABnAEEATgBBAEEANABBAEQAZwBBAE4AdwBBAHkAQQBEAGcAQQBNAFEAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 602 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18181b58-6de4-4c17-8ac7-0c3ba9f53254
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 601 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f78c615-b5cf-4e35-8c97-894d6e9bd76a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 600 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 599 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 598 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 597 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 596 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 595 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 594 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 593 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e844a8cc-4343-482a-b4d8-bc9d686fb72b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 592 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18181b58-6de4-4c17-8ac7-0c3ba9f53254
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 591 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 590 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 589 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 588 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 587 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 586 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=abd5d756-12aa-4103-bdcb-75e8555959d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 585 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=69436065-5120-44bd-8ba9-6d06b1405f6a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 584 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8729d8d1-ba06-47f3-8cea-f277726d4c1c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 583 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 582 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 581 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 580 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 579 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 578 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 577 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 576 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d61340d-e61f-46b9-b33b-2a23fca45ce4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 575 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=69436065-5120-44bd-8ba9-6d06b1405f6a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 574 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 573 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 572 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 571 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 570 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 569 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=223389c0-9f53-4450-b132-675049742040
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 568 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0f8fc02f-ee47-416f-98f2-8d42acd063ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 567 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b39578b3-dadd-4ffa-8d1b-3b6c07d67503
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 566 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b39578b3-dadd-4ffa-8d1b-3b6c07d67503
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 565 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 564 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 563 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 562 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 561 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 560 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 559 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 558 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7cfcef9-9da2-4cd2-ae82-b06faeae39a2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 557 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0f8fc02f-ee47-416f-98f2-8d42acd063ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 556 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 555 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 554 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 553 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 552 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 551 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24ca9592-5826-4846-b2d1-734fe471e6d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 550 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e539a337-4528-4c7f-9d2b-d0c99fa71e6f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 549 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4c6a7f31-0f83-42b7-9c97-6a12018d53be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 548 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 547 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 546 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 545 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 544 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 543 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 542 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 541 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5ebc10e3-3355-49f7-9a5f-927585c795bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 540 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e539a337-4528-4c7f-9d2b-d0c99fa71e6f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 539 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 538 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 537 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 536 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 535 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 534 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=481a8c2b-cb4b-47dc-ac3d-6c6819378e43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 533 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b48f8a2-ecfc-4faf-80cd-3a624237fa8b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 532 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43107965-2385-49fb-b3b9-b0e12d6605c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 531 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 530 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 529 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 528 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 527 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 526 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 525 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 524 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a530e32f-8f2d-43da-a666-be1cfa864553
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 523 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b48f8a2-ecfc-4faf-80cd-3a624237fa8b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 522 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 521 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 520 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 519 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 518 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 517 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74bf994b-a840-43e5-8c77-2cb3cca698f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 516 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bd631154-86d1-4801-886a-174464af7731
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 515 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2de334d1-97f2-42d1-8b25-f8bbf4e94939
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 514 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 513 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 512 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 511 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 510 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 509 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 508 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 507 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b84a7cfb-e007-459a-bd47-c455f1e06db3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 506 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bd631154-86d1-4801-886a-174464af7731
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 505 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 504 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 503 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 502 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 501 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 500 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f51e8108-6c5d-4927-a2ca-34f3780d9883
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 499 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df41c962-a4ea-4738-89d7-86c9207c2faa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 498 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=17725902-8465-43bb-9f19-710e782e2161
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 497 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 496 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 495 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 494 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 493 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 492 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 491 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 490 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c9d1f1e1-c2ac-4de8-bff6-3fb9d40cba6a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 489 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df41c962-a4ea-4738-89d7-86c9207c2faa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 488 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 487 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 486 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 485 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 484 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 483 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7f1700-0d4a-4fe2-ab5c-39e79eb77d14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 482 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e34ec390-3a0f-4283-ac99-b11672e402ef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 481 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8126d9c6-2e3e-47bc-a82a-cdae3e2c2c58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 480 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 479 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 478 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 477 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 476 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 475 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 474 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 473 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=91635f15-4933-4be0-9d8e-b35fa62e5cad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 472 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e34ec390-3a0f-4283-ac99-b11672e402ef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 471 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 470 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 469 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 468 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 467 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 466 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df2efde0-eef7-4806-917a-7d41d5a8cba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 465 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=050c00e0-1451-4758-9fcc-b872b281886b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 464 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=069a1654-d162-43c1-bdab-36e86f0cfa20
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 463 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 462 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 461 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 460 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 459 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 458 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 457 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 456 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=573509c4-75b1-473f-851f-d419b9bee1db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 455 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=050c00e0-1451-4758-9fcc-b872b281886b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 454 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 453 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 452 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 451 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 450 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 449 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed1a914-e0df-4393-a380-f62248d77164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 448 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9032ec2f-c7f7-4a4c-a940-46dafe5e5a38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 447 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8acd03d9-56c3-45e8-8bec-67ecfff1b51e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 446 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 445 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 444 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 443 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 442 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 441 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 440 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 439 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2850fa0-66e6-443c-881d-0be285345359
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 438 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9032ec2f-c7f7-4a4c-a940-46dafe5e5a38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 437 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 436 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 435 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 434 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 433 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 432 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=76237914-45a3-426e-bbbb-adc34128a08c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 431 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a849dd9a-f200-46a8-b504-e39b6e4150d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 430 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2293ab6b-fb85-4d93-8698-1c74eba157ba
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 429 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2293ab6b-fb85-4d93-8698-1c74eba157ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 428 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 427 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 426 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 425 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 424 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 423 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 422 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 421 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ea6341b4-c0c5-450c-bba2-f93e590162ab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 420 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a849dd9a-f200-46a8-b504-e39b6e4150d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 419 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 418 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 417 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 416 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 415 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 414 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35673b74-448e-481a-9272-69e3bddf88e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 413 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=29b29338-d1d6-4896-8d19-092b8542adb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 412 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b331d16-a7f7-4502-9532-a0d1d2ef66f3
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 411 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b331d16-a7f7-4502-9532-a0d1d2ef66f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 410 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 409 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 408 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 407 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 406 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 405 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 404 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 403 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6005e6c2-1bf4-40e0-b7cc-e6b3f671d165
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 402 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=29b29338-d1d6-4896-8d19-092b8542adb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 401 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 400 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 399 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 398 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 397 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 396 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80aa80e7-0a51-40c2-b1bd-a341f206b209
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 395 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:33:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1999f060-b52e-4363-8ebb-ce0e7606861c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 394 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e329cca-54c5-44b7-a9cb-a0e6f0b404e5
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 393 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e329cca-54c5-44b7-a9cb-a0e6f0b404e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 392 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 391 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 390 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 389 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 388 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 387 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 386 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 385 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f3ac230-4d25-4b47-9440-24d293331327
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 384 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1999f060-b52e-4363-8ebb-ce0e7606861c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 383 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 382 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 381 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 380 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 379 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 378 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42fe4e18-1ad0-43e3-9a21-96a0ace6768e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 377 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ddae1a3-c419-4522-94f5-b21341ff5d35
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 376 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb2bb6fe-919a-4a03-9106-d9de52db08e0
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 375 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb2bb6fe-919a-4a03-9106-d9de52db08e0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 374 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 373 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 372 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 371 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 370 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 369 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 368 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 367 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=226afad3-0f27-4eb8-bfff-36797831f4c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 366 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ddae1a3-c419-4522-94f5-b21341ff5d35
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 365 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 364 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 363 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 362 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 361 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 360 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a610273-ac6c-497f-8a95-3ed1b92d15bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 359 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0351d6b8-3b37-4015-8bac-4fb91610a4ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 358 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9af6dadb-1412-481a-bdd4-91ed5dc63b35
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 357 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9af6dadb-1412-481a-bdd4-91ed5dc63b35
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 356 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 355 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 354 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 353 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 352 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 351 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 350 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 349 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=838e9ab6-f901-48a7-9886-6c82a1ce4c44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 348 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0351d6b8-3b37-4015-8bac-4fb91610a4ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 347 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 346 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 345 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 344 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 343 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 342 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7a744c-d9c8-424f-a62d-9ca2c8e99efe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 341 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a7fb8d2-d06b-4db1-9356-f38ed892f4cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 340 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7e70a182-d9a0-460b-939b-4bd1066ffb87
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 339 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7e70a182-d9a0-460b-939b-4bd1066ffb87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 338 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 337 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 336 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 335 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 334 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 333 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 332 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 331 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=15fdb68c-bc81-4c52-9cd6-8bb63f71804f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 330 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a7fb8d2-d06b-4db1-9356-f38ed892f4cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 329 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 328 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 327 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 326 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 325 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 324 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=732e26df-6b05-4ffe-9e9a-e4db13491fc5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 323 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c68d4411-e338-4500-a85e-0f32c8dbb36e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 322 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7f98628c-6f28-4ac8-b21e-f8b956b8782b
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 321 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7f98628c-6f28-4ac8-b21e-f8b956b8782b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 320 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 319 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 318 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 317 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 316 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 315 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 314 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 313 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=92b93aa8-9457-4176-a89c-5f9d5cf23a23
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 312 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c68d4411-e338-4500-a85e-0f32c8dbb36e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 311 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 310 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 309 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 308 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 307 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 306 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f22a964-28ba-4b6a-bc6c-0ff7dd6b4f38
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 305 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da4b97b0-eae9-4348-a735-ab50ef5225a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 304 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fd90094-c95f-41dd-8f97-ad9638ea6c93
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 303 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fd90094-c95f-41dd-8f97-ad9638ea6c93
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 302 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 301 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 300 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 299 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 298 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 297 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 296 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 295 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=358f501d-d3aa-49a7-a69b-0c8ef6412262
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 294 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da4b97b0-eae9-4348-a735-ab50ef5225a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 293 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 292 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 291 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 290 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 289 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 288 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6ad94788-ff5e-4449-a361-29324a21a616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 287 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5e23346c-2566-4c1f-a20e-814ec90ede76
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 286 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d139d12d-6fb5-49e6-b520-38dbaaeb9c22
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 285 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d139d12d-6fb5-49e6-b520-38dbaaeb9c22
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 284 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 283 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 282 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 281 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 280 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 279 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 278 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 277 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aca2a100-22cb-4902-98f7-fc82285b75ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 276 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5e23346c-2566-4c1f-a20e-814ec90ede76
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 275 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 274 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 273 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 272 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 271 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 270 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=06e054f7-bfe9-4bd4-bfe5-efa356fad9e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 269 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9905e866-5e5c-4e04-83bc-b1dd8f4e6828
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 268 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=773e7e3f-2af5-41f3-82cc-f6327dac461c
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 267 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=773e7e3f-2af5-41f3-82cc-f6327dac461c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 266 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 265 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 264 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 263 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 262 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 261 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 260 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 259 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=abd01ae7-35ac-4405-ad48-cb1ced3246c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 258 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9905e866-5e5c-4e04-83bc-b1dd8f4e6828
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 257 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 256 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 255 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 254 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 253 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 252 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=21c50ebf-f03a-433b-bda9-40f7a29b460c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 251 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=27ab49b6-08ce-4f2c-a67b-c0a02a9e5a2c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 250 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d45a2e4d-b33b-41b9-8ea1-e7e3251fff93
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 249 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d45a2e4d-b33b-41b9-8ea1-e7e3251fff93
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 248 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 247 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 246 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 245 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 244 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 243 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 242 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 241 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=955bbe15-860d-4dd9-8f4d-1888396817b6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 240 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=27ab49b6-08ce-4f2c-a67b-c0a02a9e5a2c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 239 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 238 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 237 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 236 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 235 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 234 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8410fc35-2f8e-42ac-a006-8e0f4bb3716a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 233 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b5066e0f-390d-4d7e-9ff5-f654564fe913
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 232 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=e4e9fde1-7810-4f1a-bdbb-88b2e03a6958
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 231 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=e4e9fde1-7810-4f1a-bdbb-88b2e03a6958
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 230 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 229 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 228 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 227 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 226 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 225 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66103f36-1807-46ae-a3da-49cb2f4601f6
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 224 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b06279db-d692-4bef-9ec8-31faf1b44a8f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 223 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b06279db-d692-4bef-9ec8-31faf1b44a8f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 222 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 221 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 220 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 219 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 218 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 217 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 216 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 215 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a4759c15-93aa-4462-8643-8769ddda1665
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 214 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b5066e0f-390d-4d7e-9ff5-f654564fe913
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 213 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 212 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 211 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 210 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 209 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 208 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e54b12e-c030-4881-8617-95d06868aece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 207 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad133f86-00e5-489b-8d70-10378d757161
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 206 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e90f8052-4c7c-4b99-82d1-8fe3fa1d3c78
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 205 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 204 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 203 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 202 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 201 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 200 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 199 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 198 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=35c6acf1-4101-4f1d-8f4c-37584e4749b3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 197 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad133f86-00e5-489b-8d70-10378d757161
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 196 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 195 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 194 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 193 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 192 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 191 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9079fdaf-cef9-4639-ae10-19f970723a3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 190 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90cf3811-ad39-4da3-a256-c98c92dadded
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 189 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78462\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73ac47c5-cb55-4864-8d8d-a7de0e8a8ff7
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 188 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73ac47c5-cb55-4864-8d8d-a7de0e8a8ff7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 187 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 186 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 185 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 184 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 183 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 182 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 181 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 180 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=87990ec7-6ca9-478f-bfec-35202c02048a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 179 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90cf3811-ad39-4da3-a256-c98c92dadded
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 178 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 177 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 176 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 175 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 174 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 173 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2d1bf6f-0e95-456b-9df5-59502765ad65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 172 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9428c2af-f5ab-43f0-954e-dadb0893a1e4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 171 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=13eabb21-a01c-472c-a1f6-f73ba94bb9ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 170 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 169 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 168 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 167 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 166 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 165 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 164 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 163 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4977a45f-dd54-4d83-a458-b9aad837f79d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 162 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9428c2af-f5ab-43f0-954e-dadb0893a1e4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 161 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 160 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 159 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 158 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 157 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 156 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=332fd485-dabe-403b-a9d4-9008e003bcb0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 155 | PowerShell | | Windows PowerShell | | | hv-cinder-78462 | | 5/19/2021 8:32:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=5.1.14393.1944
RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 154 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 153 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=13
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 152 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 151 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 150 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 149 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 148 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 147 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 146 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 145 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 144 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 143 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 142 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 141 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 140 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 139 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 138 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 137 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 136 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 135 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 134 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 133 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 132 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 131 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 130 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 129 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 128 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 127 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 126 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 125 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 124 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 123 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 122 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 121 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 120 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 119 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 118 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=19
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 117 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:11:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 116 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 115 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 114 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 113 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 112 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 111 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 110 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 109 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 108 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 107 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 106 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 105 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 104 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 103 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 102 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 101 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 100 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:54:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 99 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 98 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 97 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 96 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 95 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 94 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 93 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 92 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 91 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 90 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 89 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 88 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 87 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 86 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 85 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 84 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 83 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:45:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 82 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 81 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 80 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 79 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 78 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 77 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 76 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 75 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 74 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 73 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 72 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 71 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 70 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 69 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 68 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 67 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 66 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 65 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 64 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 63 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 62 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 61 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 60 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 59 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 58 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 57 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 56 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 55 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 54 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 53 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 52 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 51 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 50 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:02:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 49 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 48 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 47 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 46 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 45 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 44 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 43 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 42 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 41 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 40 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 39 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 38 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 37 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 36 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 35 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 34 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 33 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 32 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 31 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 30 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 29 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 28 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 27 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 26 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 25 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 24 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 23 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 22 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 21 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 20 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 19 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 18 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 17 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 16 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 15 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 14 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 13 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 12 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 11 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 10 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 9 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 8 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 7 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 6 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 5 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 4 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |